This page lists publicly disclosed CVE vulnerabilities affecting getahead direct_web_remoting (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-2377 | The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | [email protected] | 5.0 | 1.88% | 2007-04-30 | 2026-06-16 |
| CVE-2007-0185 | Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch. | [email protected] | 5.0 | 1.46% | 2007-01-12 | 2026-06-16 |
| CVE-2007-0184 | Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks. | [email protected] | 7.5 | 1.44% | 2007-01-12 | 2026-06-16 |
| CVE-2006-6916 | Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." | [email protected] | 7.5 | 2.84% | 2006-12-31 | 2026-06-16 |