Lucene search
HistoryAug 14, 2008 - 7:41 p.m.
CVE-2008-3681
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.099 Low
EPSS
Percentile
94.9%
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the “first enabled user (lowest id)” password, typically for the administrator.
Affected configurations
Node
joomlacom_userMatch1.5
ORjoomlacom_userMatch1.5.1
ORjoomlacom_userMatch1.5.2
ORjoomlacom_userMatch1.5.3
ORjoomlacom_userMatch1.5.4
ORjoomlacom_userMatch1.5.5
References
Related
openvas
openvas
FreeBSD Ports: joomla15
2008-09-04 00:00:00
FreeBSD Ports: joomla15
2008-09-04 00:00:00
prion
prion
Design/Logic Flaw
2008-08-14 19:41:00
Design/Logic Flaw
2008-09-18 17:59:00
cvelist
cvelist
CVE-2008-3681
2008-08-14 19:00:00
CVE-2008-4102
2008-09-18 17:47:00
nessus
nessus
FreeBSD : joomla -- flaw in the reset token validation (8514b6e7-6f0f-11dd-b3db-001c2514716c)
2008-08-21 00:00:00
Joomla! reset.php Reset Token Validation Forgery
2008-08-13 00:00:00
freebsd
freebsd
joomla -- flaw in the reset token validation
2008-08-14 00:00:00
cve
cve
CVE-2008-3681
2008-08-14 19:41:00
CVE-2008-4102
2008-09-18 17:59:32
nvd
nvd
CVE-2008-4102
2008-09-18 17:59:32
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.099 Low
EPSS
Percentile
94.9%
Related for NVD:CVE-2008-3681