CVE-2007-6383 Information

Description

The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions which allows remote authenticated users to create arbitrary resources in another user’s home collection.

Reference

http://lists.osafoundation.org/pipermail/cosmo-dev/2007-December/005442.html http://osvdb.org/44152 http://www.vupen.com/english/advisories/2007/4214 https://bugzilla.osafoundation.org/show_bug.cgi?id=11587