Unrated severityNVD Advisory· Published Jun 26, 2007· Updated Jun 16, 2026
CVE-2007-3420
CVE-2007-3420
Description
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.
Affected products
2cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*range: <=0.9.9.6
- (no CPE)range: <0.9.9.7
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.