Lucene search

[email protected]CVE-2008-3454

HistoryAug 04, 2008 - 7:41 p.m.

CVE-2008-3454

2008-08-0419:41:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-3454

jnshosts

php hosting directory

remote attackers

authentication bypass

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

JSON

JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the “adm” cookie value to 1.

Affected configurations

NVD

Node

jnshostsphp_hosting_directoryMatch2.0

CPENameOperatorVersion
jnshosts:php_hosting_directoryjnshosts php hosting directoryeq2.0

CPE	Name	Operator	Version
jnshosts:php_hosting_directory	jnshosts php hosting directory	eq	2.0

References

secunia.com/advisories/31235

securityreason.com/securityalert/4105

www.securityfocus.com/bid/30444

exchange.xforce.ibmcloud.com/vulnerabilities/44110

www.exploit-db.com/exploits/6163

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2008-3454

prion1 nvd1 cvelist1