CVE-2007-4385

OWASP Stinger <2.5 - Auth Bypass

Title source: llm

Description

OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Meder Kydyraliev · javaremotemultiple

https://www.exploit-db.com/exploits/30491

View Code ZIP pw:eip

References (8)

[Various Sources] http://o0o.nu/~meder/o0o_bypassing_servlet_input_validation_filters.txt

[Third Party Advisory, VDB Entry] http://osvdb.org/39544

[Patch, Vendor Advisory] http://secunia.com/advisories/26441

[Exploit, Patch] http://www.securityfocus.com/bid/25294

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35981

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/476288/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018555

[Third Party Advisory] http://securityreason.com/securityalert/3035

Scores

EPSS 0.0808

EPSS Percentile 92.2%

Details

Status published

Products (1)

owasp/stinger < 2.4

Published Aug 17, 2007

Tracked Since Feb 18, 2026