Lucene search

MitreCVE-2008-3454

HistoryAug 04, 2008 - 7:41 p.m.

CVE-2008-3454

2008-08-0419:41:00

CWE-264

mitre

web.nvd.nist.gov

cve-2008-3454

jnshosts

php hosting directory

remote attackers

authentication bypass

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.048

Percentile

92.7%

JSON

JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the “adm” cookie value to 1.

Affected configurations

Nvd

Node

jnshostsphp_hosting_directoryMatch2.0

VendorProductVersionCPE
jnshostsphp_hosting_directory2.0cpe:2.3:a:jnshosts:php_hosting_directory:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jnshosts	php_hosting_directory	2.0	cpe:2.3:a:jnshosts:php_hosting_directory:2.0:::::::*

References

secunia.com/advisories/31235

securityreason.com/securityalert/4105

www.securityfocus.com/bid/30444

exchange.xforce.ibmcloud.com/vulnerabilities/44110

www.exploit-db.com/exploits/6163

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.048

Percentile

92.7%

JSON

Related for CVE-2008-3454