Lucene search

[email protected]CVE-2007-2232

HistoryApr 25, 2007 - 3:19 p.m.

CVE-2007-2232

2007-04-2515:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2232

cosign

authentication bypass

security vulnerability

nvd

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.4%

JSON

The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.

CPENameOperatorVersion
cosign:cosigncosigneq0.9.0
cosign:cosigncosigneq1.6
cosign:cosigncosigneq0.8.0
cosign:cosigncosigneq1.0
cosign:cosigncosigneq1.5
cosign:cosigncosigneq1.8
cosign:cosigncosigneq1.1
cosign:cosigncosigneq1.8.5
cosign:cosigncosigneq0.7.0
cosign:cosigncosigneq2.0.1

CPE	Name	Operator	Version
cosign:cosign	cosign	eq	0.9.0
cosign:cosign	cosign	eq	1.6
cosign:cosign	cosign	eq	0.8.0
cosign:cosign	cosign	eq	1.0
cosign:cosign	cosign	eq	1.5
cosign:cosign	cosign	eq	1.8
cosign:cosign	cosign	eq	1.1
cosign:cosign	cosign	eq	1.8.5
cosign:cosign	cosign	eq	0.7.0
cosign:cosign	cosign	eq	2.0.1

Rows per page:

1-10 of 121

References

secunia.com/advisories/24845

www.securityfocus.com/archive/1/465386/100/100/threaded

www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-001.txt

www.vupen.com/english/advisories/2007/1359

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2007-2232

prion1