Lucene search
MitreCVE-2008-2970HistoryJul 02, 2008 - 5:14 p.m.
CVE-2008-2970
2008-07-0217:14:00
CWE-20
mitre
web.nvd.nist.gov
18
cve-2008-2970
session fixation
vulnerability
awt yekta
phpsessid
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.009
Percentile
82.9%
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
Affected configurations
Node
yektawebacademic_web_toolsRange≤1.4.2.8
ORyektawebacademic_web_toolsRange≤1.4.3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| yektaweb | academic_web_tools | * | cpe:2.3:a:yektaweb:academic_web_tools:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2008-2970
2008-07-02 17:14:00
prion
prion
Session fixation
2008-07-02 17:14:00
cvelist
cvelist
CVE-2008-2970
2008-07-02 17:00:00
exploitdb
exploitdb
Yektaweb Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities
2008-06-19 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.009
Percentile
82.9%
Related for CVE-2008-2970