Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-0210
HistoryJan 10, 2008 - 12:46 a.m.

CVE-2008-0210

2008-01-1000:46:00
CWE-287
[email protected]
web.nvd.nist.gov
17
cve-2008-0210
uebimiau webmail
authentication bypass
directory traversal
http security

7.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON

Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.

Related

prion 2
cve 1
prion
prion
Directory traversal
2008-01-10 00:46:00
Directory traversal
2008-01-08 19:46:00
cve
cve
CVE-2008-0140
2008-01-08 19:46:00

7.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON
Related for CVE-2008-0210
prion2cve1