Lucene search

[email protected]CVE-2008-3428

HistoryJul 31, 2008 - 10:41 p.m.

CVE-2008-3428

2008-07-3122:41:00

CWE-287

[email protected]

web.nvd.nist.gov

phpfreechat

session fixation

vulnerability

remote authentication

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim’s nickid parameter.

Affected configurations

NVD

Node

phpfreechatphpfreechatMatch1.0beta

phpfreechatphpfreechatMatch1.0beta10

phpfreechatphpfreechatMatch1.0beta11

phpfreechatphpfreechatMatch1.0beta2

phpfreechatphpfreechatMatch1.0beta3

phpfreechatphpfreechatMatch1.0beta4

phpfreechatphpfreechatMatch1.0beta5

phpfreechatphpfreechatMatch1.0beta6

phpfreechatphpfreechatMatch1.0beta7

phpfreechatphpfreechatMatch1.0beta8

phpfreechatphpfreechatMatch1.0beta9

phpfreechatphpfreechatMatch1.0final

phpfreechatphpfreechatMatch1.1

CPENameOperatorVersion
phpfreechat:phpfreechatphpfreechateq1.0
phpfreechat:phpfreechatphpfreechateq1.1

CPE	Name	Operator	Version
phpfreechat:phpfreechat	phpfreechat	eq	1.0
phpfreechat:phpfreechat	phpfreechat	eq	1.1

References

secunia.com/advisories/31283

www.phpfreechat.net/changelog/1.2

www.securityfocus.com/bid/30462

exchange.xforce.ibmcloud.com/vulnerabilities/44116

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2008-3428

prion1 cvelist1 nvd1