Lucene search

[email protected]CVE-2008-1106

HistoryJun 09, 2008 - 11:32 p.m.

CVE-2008-1106

2008-06-0923:32:00

CWE-352

CWE-287

[email protected]

web.nvd.nist.gov

akamai client

red swoosh

csrf

authentication bypass

cve-2008-1106

remote exploitation

security vulnerability

7.7 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

0.002 Low

EPSS

Percentile

61.5%

JSON

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

CPENameOperatorVersion
akamai_technologies:clientakamai technologies clientle3322
red_swoosh:clientred swoosh clientle3322

CPE	Name	Operator	Version
akamai_technologies:client	akamai technologies client	le	3322
red_swoosh:client	red swoosh client	le	3322

References

secunia.com/advisories/30135

secunia.com/secunia_research/2008-19/advisory/

securityreason.com/securityalert/3930

www.securityfocus.com/archive/1/493169/100/0/threaded

www.securityfocus.com/archive/1/493170/100/0/threaded

www.securitytracker.com/id?1020208

www.vupen.com/english/advisories/2008/1761/references

exchange.xforce.ibmcloud.com/vulnerabilities/42895

7.7 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2008-1106

securityvulns3 prion1 nessus1 seebug1