Lucene search
HistoryAug 06, 2009 - 5:30 p.m.
CVE-2008-6908
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.003
Percentile
70.3%
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
Affected configurations
Node
marc_ingramservicesMatch5.x-0.9
ORmarc_ingramservicesMatch5.x-0.91
ORmarc_ingramservicesMatch5.x-1.x-dev
ORmarc_ingramservicesMatch6.x-0.9
ORmarc_ingramservicesMatch6.x-0.11
ORmarc_ingramservicesMatch6.x-0.12
ORmarc_ingramservicesMatch6.x-1.x-dev
drupaldrupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| marc_ingram | services | 5.x-0.9 | cpe:2.3:a:marc_ingram:services:5.x-0.9:*:*:*:*:*:*:* |
| marc_ingram | services | 5.x-0.91 | cpe:2.3:a:marc_ingram:services:5.x-0.91:*:*:*:*:*:*:* |
| marc_ingram | services | 5.x-1.x-dev | cpe:2.3:a:marc_ingram:services:5.x-1.x-dev:*:*:*:*:*:*:* |
| marc_ingram | services | 6.x-0.9 | cpe:2.3:a:marc_ingram:services:6.x-0.9:*:*:*:*:*:*:* |
| marc_ingram | services | 6.x-0.11 | cpe:2.3:a:marc_ingram:services:6.x-0.11:*:*:*:*:*:*:* |
| marc_ingram | services | 6.x-0.12 | cpe:2.3:a:marc_ingram:services:6.x-0.12:*:*:*:*:*:*:* |
| marc_ingram | services | 6.x-1.x-dev | cpe:2.3:a:marc_ingram:services:6.x-1.x-dev:*:*:*:*:*:*:* |
| drupal | drupal | * | cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2009-08-06 17:30:00
cve
cve
CVE-2008-6908
2009-08-06 17:30:00
cvelist
cvelist
CVE-2008-6908
2009-08-06 17:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.003
Percentile
70.3%
Related for NVD:CVE-2008-6908