Lucene search

[email protected]NVD:CVE-2008-1106

HistoryJun 09, 2008 - 11:32 p.m.

CVE-2008-1106

2008-06-0923:32:00

CWE-287

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

AI Score

7.6

Confidence

Low

EPSS

0.003

Percentile

65.5%

JSON

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

Affected configurations

NVD

Node

akamai_technologiesclientRange≤3322

red_swooshclientRange≤3322

References

secunia.com/advisories/30135

secunia.com/secunia_research/2008-19/advisory/

securityreason.com/securityalert/3930

www.securityfocus.com/archive/1/493169/100/0/threaded

www.securityfocus.com/archive/1/493170/100/0/threaded

www.securitytracker.com/id?1020208

www.vupen.com/english/advisories/2008/1761/references

exchange.xforce.ibmcloud.com/vulnerabilities/42895

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

AI Score

7.6

Confidence

Low

EPSS

0.003

Percentile

65.5%

JSON

Related for NVD:CVE-2008-1106

nessus1 prion1 securityvulns3 cvelist1 cve1 seebug1