CVE-2007-2383
asterisk - several vulnerabilities
EPSS 0.26%
Description
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
How to fix CVE-2007-2383
To remediate CVE-2007-2383, upgrade the affected package to one of the fixed versions listed below.
- Debian/asterisk—upgrade to 1:1.6.2.0~rc3-1 or later
- —upgrade to 1:1.4.21.2~dfsg-3+lenny1 or later
- —upgrade to 1.2.1-1 or later
- —upgrade to 2.7-1 or later
- —upgrade to 1.48-3 or later
- —upgrade to 1.0.21-1.1 or later
Is CVE-2007-2383 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (6)
- from 0, < 1:1.6.2.0~rc3-1
- from 0, < 1:1.4.21.2~dfsg-3+lenny1
- from 0, < 1.2.1-1
- from 0, < 2.7-1
- from 0, < 1.48-3
- from 0, < 1.0.21-1.1