Lucene search

MitreCVE-2008-6039

HistoryFeb 03, 2009 - 11:30 a.m.

CVE-2008-6039

2009-02-0311:30:00

CWE-287

mitre

web.nvd.nist.gov

cve-2008-6039

session fixation

bluepage cms

vulnerability

phpsessid

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.047

Percentile

92.8%

JSON

Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Affected configurations

Nvd

Node

bluepagebluepage_cmsRange≤2.5

bluepagebluepage_cmsMatch2.4.0

VendorProductVersionCPE
bluepagebluepage_cms*cpe:2.3:a:bluepage:bluepage_cms:*:*:*:*:*:*:*:*
bluepagebluepage_cms2.4.0cpe:2.3:a:bluepage:bluepage_cms:2.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bluepage	bluepage_cms	*	cpe:2.3:a:bluepage:bluepage_cms::::::::
bluepage	bluepage_cms	2.4.0	cpe:2.3:a:bluepage:bluepage_cms:2.4.0:::::::*

References

secunia.com/advisories/31968

www.majorsecurity.de/index_2.php?major_rls=major_rls53

www.securityfocus.com/archive/1/496582/100/0/threaded

www.securityfocus.com/bid/31315

exchange.xforce.ibmcloud.com/vulnerabilities/45323

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.047

Percentile

92.8%

JSON

Related for CVE-2008-6039