Strix
26.1K

CVE-2007-4909

UnknownEPSS 3.52%

Last modified

CVE-2007-4909 is a vulnerability of currently unknown severity. Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.. EPSS estimates a 3.52% chance of exploitation in the next 30 days.

Description

Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.

Metrics

EPSS Probability
3.52%

87.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
WinscpWinscp2.0.0
WinscpWinscp3.5.5_beta
WinscpWinscp3.5.6
WinscpWinscp3.6
WinscpWinscp3.6.1
WinscpWinscp3.6.5_beta
WinscpWinscp3.6.6
WinscpWinscp3.6.7
WinscpWinscp3.8.1
WinscpWinscp3.8.2
WinscpWinscp4.0.2
WinscpWinscp4.0.3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-4909?
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
How severe is CVE-2007-4909?
Severity scoring for CVE-2007-4909 is pending analysis. The EPSS model estimates a 3.52% probability of exploitation in the next 30 days.
How do I fix CVE-2007-4909?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4909?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST