Lucene search

[email protected]CVE-2010-0554

HistoryFeb 04, 2010 - 8:15 p.m.

CVE-2010-0554

2010-02-0420:15:50

CWE-287

[email protected]

web.nvd.nist.gov

cve-2010-0554

http authentication

geo++ gncaster

security vulnerability

remote attack

authentication bypass

web session hijacking

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.

Affected configurations

NVD

Node

geoppgeo\+\+_gncasterRange≤1.4.0.7

geoppgeo\+\+_gncasterMatch1.4.0.0

CPENameOperatorVersion
geopp:geo\+\+_gncastergeopp geo++ gncasterle1.4.0.7
geopp:geo\+\+_gncastergeopp geo++ gncastereq1.4.0.0

CPE	Name	Operator	Version
geopp:geo\+\+_gncaster	geopp geo++ gncaster	le	1.4.0.7
geopp:geo\+\+_gncaster	geopp geo++ gncaster	eq	1.4.0.0

References

osvdb.org/62014

secunia.com/advisories/38323

www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication

www.securityfocus.com/archive/1/509199/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/55977

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2010-0554

cvelist1 prion1 nvd1