{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30"}, {"name": "winscp-scpsftp-command-execution(36591)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"}, {"name": "3141", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3141"}, {"name": "25655", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25655"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://winscp.net/eng/docs/history/"}, {"name": "26820", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26820"}, {"name": "1018697", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018697"}, {"name": "20070913 WinSCP < 4.04 url protocol handler flaw", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4909", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30", "refsource": "MISC", "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30"}, {"name": "winscp-scpsftp-command-execution(36591)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"}, {"name": "3141", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3141"}, {"name": "25655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25655"}, {"name": "http://winscp.net/eng/docs/history/", "refsource": "CONFIRM", "url": "http://winscp.net/eng/docs/history/"}, {"name": "26820", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26820"}, {"name": "1018697", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018697"}, {"name": "20070913 WinSCP < 4.04 url protocol handler flaw", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:08:33.919Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30"}, {"name": "winscp-scpsftp-command-execution(36591)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"}, {"name": "3141", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3141"}, {"name": "25655", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25655"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://winscp.net/eng/docs/history/"}, {"name": "26820", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26820"}, {"name": "1018697", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018697"}, {"name": "20070913 WinSCP < 4.04 url protocol handler flaw", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4909", "datePublished": "2007-09-17T17:00:00.000Z", "dateReserved": "2007-09-17T00:00:00.000Z", "dateUpdated": "2024-08-07T15:08:33.919Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "833B5B6D-9A6B-4F25-81B0-F27D82940F8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.5.5_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1441C593-8BA8-4D10-BE13-4D4D01B5ACB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "9FEE92BE-F80D-481E-95DF-2C33E8DE3D3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "61A75DF1-1A3E-4898-B7A6-750F9FA8D1A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "79C692ED-9C28-4CAA-B72A-4CCC78AE8680", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.6.5_beta:*:*:*:*:*:*:*", "matchCriteriaId": "D214F458-12B5-4280-AF10-33426933992E", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD7FE4B2-2433-4B7F-BFA2-DCDEC32F329E", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "B57BACA5-6820-48BB-906F-6AA010429F18", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA9F9BEF-14B6-429B-915F-45958C568F76", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "89254511-B715-4515-AA6F-86133A2182CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDD786A3-A146-4E4B-90C4-D9F8A2E7D986", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "200669EB-F6A1-4C6F-9939-EB3ADB472161", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015."}, {"lang": "es", "value": "Conflicto de interpretaci\u00f3n en WinSCP anterior a 4.0.4 permite a atacantes remotos llevar a cabo transferencias de archvios de su elecci\u00f3n con un servidor remoto a trav\u00e9s de comandos de transferencia de archivos en la porci\u00f3n final de un (1) scp, y posiblemente un (2)sftp o (3) ftp, URL, tal y como se demostr\u00f3 con la validaci\u00f3n de una URL espec\u00edfica en un servidor remoto con un nombre de usuario de scp, el cual es interpretado como un nombre de esquema HTTP a trav\u00e9s del manejador de protocolo del navegador web, pero este es interpretado como un nombre de usuario por WinSCP. NOTA: esto est\u00e1 relacionado con un parche incompleto para CVE-2006-3015."}], "id": "CVE-2007-4909", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-09-17T17:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26820"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3141"}, {"source": "cve@mitre.org", "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30"}, {"source": "cve@mitre.org", "url": "http://winscp.net/eng/docs/history/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25655"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018697"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://winscp.net/eng/docs/history/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}