ID CVE-2008-6908Type cveReporter cve@mitre.orgModified 2017-08-17T01:29:00
Description
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
{"id": "CVE-2008-6908", "bulletinFamily": "NVD", "title": "CVE-2008-6908", "description": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.", "published": "2009-08-06T17:30:00", "modified": "2017-08-17T01:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6908", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/32894", "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458", "http://drupal.org/node/348295", "http://osvdb.org/50743"], "cvelist": ["CVE-2008-6908"], "type": "cve", "lastseen": "2019-05-29T18:09:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "44bde6e6fdd03bde7591ddf059ffd18a"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ef9d70164461e436dbb6a4b94247298c"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "2799eb5e1e9f36839b860521057cafe4"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "c7f7fcd51a1d9114dcb2be89890243b3"}, {"key": "description", "hash": "d2cb2233851a2d9ea57059d19a3705d3"}, {"key": "href", "hash": "b7a6998e46b99d441a4f618793255505"}, {"key": "modified", "hash": "042be6a55c0100aa7f711b7156c9abb7"}, {"key": "published", "hash": "72f52e4ddba5775037e01f229e60b8f8"}, {"key": "references", "hash": "a797b5d69d762c59336e9f4c96ffe134"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "146453652f078338799d6ac4fd0319aa"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7f8cce95be0206890845c16c972c1f3dc3b418f9e1b029f962d0704e8dd78329", "viewCount": 0, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:09:30"}, "dependencies": {"references": [], "modified": "2019-05-29T18:09:30"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:marc_ingram:services:6.x-0.9", "cpe:/a:marc_ingram:services:6.x-0.11", "cpe:/a:marc_ingram:services:6.x-0.12", "cpe:/a:marc_ingram:services:5.x-1.x-dev", "cpe:/a:marc_ingram:services:5.x-0.91", "cpe:/a:marc_ingram:services:6.x-1.x-dev", "cpe:/a:marc_ingram:services:5.x-0.9"], "affectedSoftware": [{"name": "marc_ingram services", "operator": "eq", "version": "5.x-1.x-dev"}, {"name": "marc_ingram services", "operator": "eq", "version": "6.x-0.11"}, {"name": "marc_ingram services", "operator": "eq", "version": "6.x-0.12"}, {"name": "marc_ingram services", "operator": "eq", "version": "5.x-0.91"}, {"name": "marc_ingram services", "operator": "eq", "version": "6.x-1.x-dev"}, {"name": "marc_ingram services", "operator": "eq", "version": "5.x-0.9"}, {"name": "marc_ingram services", "operator": "eq", "version": "6.x-0.9"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["CWE-310"]}
{}
