Lucene search

[email protected]CVE-2008-3557

HistoryAug 08, 2008 - 7:41 p.m.

CVE-2008-3557

2008-08-0819:41:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-3557

free hosting manager

authentication bypass

remote attackers

administrative access

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

JSON

Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.

Affected configurations

NVD

Node

fhm-scriptfree_hosting_managerMatch1.2

fhm-scriptfree_hosting_managerMatch2.0

CPENameOperatorVersion
fhm-script:free_hosting_managerfhm-script free hosting managereq1.2
fhm-script:free_hosting_managerfhm-script free hosting managereq2.0

CPE	Name	Operator	Version
fhm-script:free_hosting_manager	fhm-script free hosting manager	eq	1.2
fhm-script:free_hosting_manager	fhm-script free hosting manager	eq	2.0

References

secunia.com/advisories/31383

securityreason.com/securityalert/4118

www.securityfocus.com/bid/30580

exchange.xforce.ibmcloud.com/vulnerabilities/44260

www.exploit-db.com/exploits/6213

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2008-3557

nvd1 prion1 cvelist1