Basic Analysis and Security Engine (BASE) contains a flaw that may allow a malicious user to gain full privileges without authentication. The issue is triggered when using HTTP client that does not follow redirects. It is possible that the flaw may allow unauthorized administrative access resulting in a loss of integrity.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

• CVE ID: 2007-5578 (see also: NVD)
• Bugtraq ID: 24315
• Secunia Advisory ID: 25518
• ISS X-Force ID: 34724
• Related OSVDB ID: 38792
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0031.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063767.html
• Vendor URL: http://base.secureideas.net/
• Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=103348&release_id=521723 [ Link is 404 ]
• Other Advisory URL: http://yaisb.blogspot.com/2006/08/authentication-bypass_07.html

• Johnny Storm - johhny653gmail.com -