{"cve": [{"lastseen": "2019-05-29T18:09:25", "bulletinFamily": "NVD", "description": "The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.", "modified": "2018-10-11T20:29:00", "id": "CVE-2008-1106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1106", "published": "2008-06-09T23:32:00", "title": "CVE-2008-1106", "type": "cve", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:N"}}], "seebug": [{"lastseen": "2017-11-19T21:40:10", "bulletinFamily": "exploit", "description": "CVE(CAN) ID: CVE-2008-1106\r\n\r\nRed Swoosh is distributed networking software used to enhance file transfer and audio streaming.\r\n\r\nThe Red Swoosh client implements a web server on the loopback interface on port 9421/TCP that listens for management commands. Authorisation on this interface is based on the HTTP referer header: requests whose referer header contains one of a number of domains, and requests with no referer, are both authorised. If a malicious site forges the HTTP referer, this results in files from arbitrary URLs being downloaded and executed.\r\n\r\n\n\nAkamai Red Swoosh 3322\n Akamai\r\n------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\n<a href=http://www.akamai.com/html/redswoosh/overview.html 
target=_blank>http://www.akamai.com/html/redswoosh/overview.html</a>", "modified": "2008-06-11T00:00:00", "published": "2008-06-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3396", "id": "SSV:3396", "type": "seebug", "title": "Akamai Red Swoosh Cross-Site Request Forgery Vulnerability", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "====================================================================== \r\n\r\n Secunia Research 06/06/2008\r\n\r\n - Akamai Red Swoosh Cross-Site Request Forgery Vulnerabilities -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\nAkamai Red Swoosh Client version 3322.\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical\r\nImpact: System access\r\nWhere: From 
remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n\"Red Swoosh is distributed networking software which greatly enhances\r\nthe downloads and video streams you get from websites that support\r\nRed Swoosh technology. The Red Swoosh client handles the caching,\r\nreflecting and sharing of files delivered to you through the Swoosh\r\nnetwork.\".\r\n\r\nProduct Link:\r\nhttp://www.akamai.com/html/redswoosh/overview.html\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in the Red Swoosh\r\nclient which can be exploited by malicious people to conduct\r\ncross-site request forgery attacks and compromise a user's system.\r\n\r\nThe Red Swoosh client implements a web server listening on port\r\n9421/TCP on the loopback interface for management commands.\r\nAuthorisation is restricted based on the HTTP \"referer\" header.\r\nRequests with a \"referer\" header containing one of a number of\r\ndomains or no \"referer\" are fully authorised. By manipulating\r\nthe HTTP \"referer\", a malicious web page can cause files from\r\narbitrary URLs to be downloaded and executed.\r\n\r\nThe Red Swoosh client can be installed manually by visiting the\r\nAkamai website. However, more interestingly, it can also be silently\r\ninstalled by the Akamai Download Manager if a download requests Red\r\nSwoosh should be used. 
Once installed, the service or application\r\nwill run on startup.\r\n\r\nThe malicious file to be downloaded and executed can potentially be\r\nserved by the Red Swoosh network alleviating any bandwidth issues on\r\nthe web server.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nUpdate to version 3333.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n13/05/2008 - Vendor notified.\r\n13/05/2008 - Vendor response.\r\n06/06/2008 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Dyon Balding, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2008-1106 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://corporate.secunia.com/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://corporate.secunia.com/secunia_research/33/\r\n\r\nSecunia regularly hires new skilled team members. 
Check the URL below \r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/secunia_vacancies/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/secunia_security_advisories/ \r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-19/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "modified": "2008-06-09T00:00:00", "published": "2008-06-09T00:00:00", "id": "SECURITYVULNS:DOC:19993", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19993", "title": "Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ----------------------------------------------------\r\nAkamai Technologies Security Advisory 2008-0003\r\n\r\n\r\n* Akamai ID: 2008-0003\r\n* Date: 2008/06/06\r\n* Product Name: Akamai Client Software (formerly Red Swoosh)\r\n* Affected Versions: Up to and including 3322\r\n* Fixed Version: 3333\r\n* CVE IDs: CVE-2008-1106\r\n* CVSS Base Score: 5.53\r\n\r\n* Product Description:\r\n\r\nThe Akamai Client Software is a software layer that securely stores and\r\ntransfers files to enhance content delivery.\r\n\r\n\r\n* Vulnerability Description:\r\n\r\nAkamai has become aware of a security vulnerability within the Akamai\r\nClient Software which can be exploited to conduct cross-site request\r\nforgery attacks. 
This vulnerability exists only in the Akamai Client\r\nSoftware and does not affect Akamai's other services in any way.\r\nAkamai has no evidence to date that any attempt has been made to exploit\r\nthis vulnerability.\r\n\r\n\r\n* Patch Instructions:\r\n\r\nNo user interaction is required. Clients will be automatically upgraded.\r\n\r\n\r\n* Credit:\r\n\r\nCVE-2008-1106 was independently discovered and brought to Akamai's\r\nattention by Dyon Balding of Secunia Research.\r\n\r\n\r\n* About Akamai:\r\n\r\nAkamai(r) is the leading global service provider for accelerating\r\ncontent and business processes online. Thousands of organizations have\r\nformed trusted relationships with Akamai, improving their revenue and\r\nreducing costs by maximizing the performance of their online businesses.\r\nLeveraging the Akamai EdgePlatform, these organizations gain business\r\nadvantage today, and have the foundation for the emerging Web solutions\r\nof tomorrow. Akamai is \"The Trusted Choice for Online Business.\" 
For\r\nmore information, visit www.akamai.com.\r\n\r\n\r\nOur GPG public key:\r\nhttp://www.akamai.com/dl/akamai/Akamai_Security_General.pub\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (Darwin)\r\n\r\n-----END PGP SIGNATURE-----", "modified": "2008-06-09T00:00:00", "published": "2008-06-09T00:00:00", "id": "SECURITYVULNS:DOC:19994", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19994", "title": "Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software)", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-01T03:29:30", "bulletinFamily": "scanner", "description": "The remote host is running Akamai Red Swoosh client, which handles\nsoftware distribution via the Swoosh network.\n\nThe version of Red Swoosh installed on the remote host includes a web\nserver that listens on the loopback interface for management commands\nbut it fails to properly sanitize the HTTP Referer header. 
By tricking\na user on the affected host into visiting a specially crafted web\npage, an attacker can leverage this issue to cause files from\narbitrary URLs to be downloaded and executed on the remote host\nsubject to the user", "modified": "2019-11-02T00:00:00", "id": "REDSWOOSH_3333.NASL", "href": "https://www.tenable.com/plugins/nessus/33126", "published": "2008-06-09T00:00:00", "title": "Akamai Red Swoosh < 3333 referer Header Cross-Site Request Forgery", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33126);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2008-1106\");\n script_bugtraq_id(29587);\n script_xref(name:\"Secunia\", value:\"30135\");\n\n script_name(english:\"Akamai Red Swoosh < 3333 referer Header Cross-Site Request Forgery\");\n script_summary(english:\"Checks registry for version of Red Swoosh DLL\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A remote Windows host contains a program that is affected by a\ncross-site request forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Akamai Red Swoosh client, which handles\nsoftware distribution via the Swoosh network.\n\nThe version of Red Swoosh installed on the remote host includes a web\nserver that listens on the loopback interface for management commands\nbut it fails to properly sanitize the HTTP Referer header. 
By tricking\na user on the affected host into visiting a specially crafted web\npage, an attacker can leverage this issue to cause files from\narbitrary URLs to be downloaded and executed on the remote host\nsubject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2008-19/advisory/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/493170/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\"Update to Red Swoosh version 3333 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287,352);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_enum_services.nasl\", \"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\n\n\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(1, \"KB 'SMB/Registry/Enumerated' not set to TRUE.\");\n\n\n# Make sure the Akamai service is running, unless we're being paranoid.\nif (report_paranoia < 2)\n{\n services = get_kb_item(\"SMB/svcs\");\n if (!services || \"Akamai\" >!< services) exit(0);\n}\n\n\n# Connect to the appropriate share.\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = 
kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL,\"IPC$\");\n}\n\n\n# Connect to remote registry.\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n audit(AUDIT_REG_FAIL);\n}\n\n\n# Find the service dll.\ndll = NULL;\n\nkey = \"SYSTEM\\CurrentControlSet\\Services\\Akamai\\Parameters\";\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n value = RegQueryValue(handle:key_h, item:\"ServiceDll\");\n if (!isnull(value)) dll = value[1];\n\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\nif (isnull(dll))\n{\n NetUseDel();\n exit(0);\n}\n\n\n# Make sure the dll exists.\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:dll);\ndll2 = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\", string:dll);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL,share);\n}\n\nfh = CreateFile(\n file:dll2,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n);\nversion = NULL;\nif (!isnull(fh))\n{\n CloseFile(handle:fh);\n\n # Take the version number from the filename itself.\n if (eregmatch(pattern:\"^.+rswin_([0-9]+)\\.dll$\", string:dll))\n version = ereg_replace(pattern:\"^.+rswin_([0-9]+)\\.dll$\", replace:\"\\1\", string:dll);\n}\nNetUseDel();\n\n\n# Check the version number.\nif (!isnull(version))\n{\n if (int(version) < 3333)\n {\n if (report_verbosity)\n {\n path = ereg_replace(pattern:\"^(.+)\\\\rswin_[0-9]+\\.dll$\", replace:\"\\1\", string:dll);\n report = string(\n \"\\n\",\n \"Akamai Red Swoosh version \", version, \" is installed under :\\n\",\n \"\\n\",\n \" \", 
path, \"\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n set_kb_item(name: 'www/0/XSS', value: TRUE);\t# Maybe integrist...\n }\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:N"}}]}