Lucene search

Kaspersky LabKLA10054

HistoryJun 04, 2008 - 12:00 a.m.

KLA10054 ACE vulnerability in Akamai Download Manager

2008-06-0400:00:00

Kaspersky Lab

threats.kaspersky.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.16 Low

EPSS

Percentile

95.9%

JSON

Detect date:

06/04/2008

Severity:

Critical

Description:

CRLF injection vulnerability was found in the Akamai Download Manager. By using this vulnerability spiteful abuser can execute arbitrary code. This vulnerability can be exploited from network at point related to unknown. Via specially designed URL.

Affected products:

Akamai Download Manager 2 versions 2.2.3.5 and earlier

Solution:

Update to latest version

Original advisories:

vulnerability description

Impacts:

ACE

Related products:

Akamai Download Manager ActiveX Control

CVE-IDS:

CVE-2008-17709.3Critical

Exploitation:

Public exploits exist for this vulnerability.

References

www.cvedetails.com/cve/CVE-2008-1770/

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1770

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Akamai-Download-Manager-ActiveX-Control/

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.16 Low

EPSS

Percentile

95.9%

JSON

Related for KLA10054