GCVE - cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*

part: a version: 1.4.7 update: *

Vendor	Accoria (`a6b80720-91f1-544c-bcc5-dc86c44dbfc7`)
Product	Rock Web Server (`830554a7-fd53-5b1a-b3f9-3bfbeec149e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-2271`	vulnerable	2026-06-03 14:30:24.510692	Details available Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter. Published: 2010-06-14T19:00:00.000Z Updated: 2024-09-16T17:08:55.138Z Open on db.gcve.eu Reference links http://www.ioactive.com/pdfs/AccoriaWebServer.pdf http://www.kb.cert.org/vuls/id/245081	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2270`	vulnerable	2026-06-03 14:30:24.510361	Details available Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. Published: 2010-06-14T19:00:00.000Z Updated: 2024-09-17T00:41:57.786Z Open on db.gcve.eu Reference links http://www.ioactive.com/pdfs/AccoriaWebServer.pdf http://www.kb.cert.org/vuls/id/245081	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2269`	vulnerable	2026-06-03 14:30:24.510011	Details available Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. Published: 2010-06-14T19:00:00.000Z Updated: 2024-09-16T18:49:48.151Z Open on db.gcve.eu Reference links http://www.ioactive.com/pdfs/AccoriaWebServer.pdf http://www.kb.cert.org/vuls/id/245081	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2268`	vulnerable	2026-06-03 14:30:24.509643	Details available Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts. Published: 2010-06-14T19:00:00.000Z Updated: 2024-09-16T18:07:48.761Z Open on db.gcve.eu Reference links http://www.ioactive.com/pdfs/AccoriaWebServer.pdf http://www.kb.cert.org/vuls/id/245081	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2267`	vulnerable	2026-06-03 14:30:24.509179	Details available Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi. Published: 2010-06-14T19:00:00.000Z Updated: 2024-09-17T02:33:04.827Z Open on db.gcve.eu Reference links http://www.ioactive.com/pdfs/AccoriaWebServer.pdf http://www.kb.cert.org/vuls/id/245081	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.