CVE-2007-2233

Sažetak

cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

Reference

http://secunia.com/advisories/24845
http://www.securityfocus.com/archive/1/465386/100/100/threaded
http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt
http://www.vupen.com/english/advisories/2007/1359

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:42

Objavljeno

25-04-2007 - 15:19