Lucene search
MitreCVE-2008-3317HistoryJul 25, 2008 - 4:41 p.m.
CVE-2008-3317
2008-07-2516:41:00
CWE-287
mitre
web.nvd.nist.gov
765
cve-2008-3317
maian search
authentication bypass
remote attackers
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.086
Percentile
94.5%
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
Affected configurations
Node
maian_script_worldmaian_searchRange≤1.1
ORmaian_script_worldmaian_searchMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| maian_script_world | maian_search | * | cpe:2.3:a:maian_script_world:maian_search:*:*:*:*:*:*:*:* |
| maian_script_world | maian_search | 1.0 | cpe:2.3:a:maian_script_world:maian_search:1.0:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2008-3317
2008-07-25 16:00:00
exploitdb
exploitdb
Maian Search 1.1 - Insecure Cookie Handling
2008-07-13 00:00:00
prion
prion
Authentication flaw
2008-07-25 16:41:00
nvd
nvd
CVE-2008-3317
2008-07-25 16:41:00
nessus
nessus
Maian Scripts Cookie Manipulation Authentication Bypass
2008-07-15 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.086
Percentile
94.5%
Related for CVE-2008-3317