CVE-2007-4043

CRITICAL

Secure Computing SecurityReporter <4.6.3 - Auth Bypass

Title source: llm

Description

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.

References (2)

[Mailing List] http://marc.info/?l=bugtraq&m=118522960430476&w=2

[Various Sources] http://www.oliverkarow.de/research/securityreporter.txt

Scores

CVSS v3 9.8

EPSS 0.0055

EPSS Percentile 67.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (1)

securecomputing/securityreporter < 4.6.3

Timeline

Published Jul 27, 2007

Tracked Since Feb 18, 2026