Lucene search

MitreCVE-2008-6569

HistoryMar 31, 2009 - 5:30 p.m.

CVE-2008-6569

2009-03-3117:30:00

CWE-287

mitre

web.nvd.nist.gov

cybozu garoon

session fixation

vulnerability

web sessions

hijack

cve-2008-6569

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.

Affected configurations

Nvd

Node

cybozugaroonMatch2.0.0

cybozugaroonMatch2.0.1

cybozugaroonMatch2.0.2

cybozugaroonMatch2.0.3

cybozugaroonMatch2.0.4

cybozugaroonMatch2.0.5

cybozugaroonMatch2.0.6

cybozugaroonMatch2.1.0

cybozugaroonMatch2.1.1

cybozugaroonMatch2.1.2

cybozugaroonMatch2.1.3

VendorProductVersionCPE
cybozugaroon2.0.0cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*
cybozugaroon2.0.1cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*
cybozugaroon2.0.2cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*
cybozugaroon2.0.3cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*
cybozugaroon2.0.4cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*
cybozugaroon2.0.5cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*
cybozugaroon2.0.6cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*
cybozugaroon2.1.0cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*
cybozugaroon2.1.1cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*
cybozugaroon2.1.2cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	garoon	2.0.0	cpe:2.3:a:cybozu:garoon:2.0.0:::::::*
cybozu	garoon	2.0.1	cpe:2.3:a:cybozu:garoon:2.0.1:::::::*
cybozu	garoon	2.0.2	cpe:2.3:a:cybozu:garoon:2.0.2:::::::*
cybozu	garoon	2.0.3	cpe:2.3:a:cybozu:garoon:2.0.3:::::::*
cybozu	garoon	2.0.4	cpe:2.3:a:cybozu:garoon:2.0.4:::::::*
cybozu	garoon	2.0.5	cpe:2.3:a:cybozu:garoon:2.0.5:::::::*
cybozu	garoon	2.0.6	cpe:2.3:a:cybozu:garoon:2.0.6:::::::*
cybozu	garoon	2.1.0	cpe:2.3:a:cybozu:garoon:2.1.0:::::::*
cybozu	garoon	2.1.1	cpe:2.3:a:cybozu:garoon:2.1.1:::::::*
cybozu	garoon	2.1.2	cpe:2.3:a:cybozu:garoon:2.1.2:::::::*

Rows per page:

1-10 of 111

References

cybozu.co.jp/products/dl/notice/detail/0021.html

jvn.jp/en/jp/JVN18700809/index.html

jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html

osvdb.org/46564

secunia.com/advisories/30871

www.lac.co.jp/info/advisory/98.html

www.securityfocus.com/bid/29981

exchange.xforce.ibmcloud.com/vulnerabilities/43427

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

Related for CVE-2008-6569