CVE-2014-8686

Sažetak

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

Reference

http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html
https://beyondbinary.io/articles/seagate-nas-rce/
https://codeigniter.com/userguide2/changelog.html
https://www.dionach.com/blog/codeigniter-session-decoding-vulnerability

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-09-2017 - 18:19

Objavljeno

19-09-2017 - 19:29