Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3396
HistoryJun 11, 2008 - 12:00 a.m.

Akamai Red Swoosh跨站请求伪造漏洞

2008-06-1100:00:00
Root
www.seebug.org
23

0.002 Low

EPSS

Percentile

61.6%

JSON

CVE(CAN) ID: CVE-2008-1106

Red Swoosh是分布式的联网软件,用于增强文件传送和音频流功能。

Red Swoosh客户端在9421/TCP端口的环回接口上实现一个Web服务器监听管理命令。在这个接口上的授权是基于HTTP referer头的,referer头中包含有一些域的请求或没有referer的请求都可以获得授权。如果恶意站点伪造了HTTP referer的话,就会导致下载并执行任意URL的文件。

Akamai Red Swoosh 3322
Akamai

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.akamai.com/html/redswoosh/overview.html” target=“_blank”>http://www.akamai.com/html/redswoosh/overview.html</a>

Related

prion 1
securityvulns 3
nessus 1
cve 1
prion
prion
Cross site request forgery (csrf)
2008-06-09 23:32:00
securityvulns
securityvulns
Akamai Red Swoosh crossite scripting
2008-06-09 00:00:00
Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery
2008-06-09 00:00:00
Akamai Technologies Security Advisory 2008-0003 &#40;Akamai Client Software&#41;
2008-06-09 00:00:00
nessus
nessus
Akamai Red Swoosh < 3333 referer Header Cross-Site Request Forgery
2008-06-09 00:00:00
cve
cve
CVE-2008-1106
2008-06-09 23:32:00

0.002 Low

EPSS

Percentile

61.6%

JSON
Related for SSV:3396
prion1securityvulns3nessus1cve1