CVE-2008-1106 Details

Published: 2008-06-09
Last Modified: 2018-10-11
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

Analysis
Common Vulnerability Score System v2.0
Severity: High
Base Score: 7.1/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication: None
Impact Score: 6.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Complete
Vector String: AV:N/AC:M/Au:N/C:N/I:C/A:N
Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE | Vulnerable | Start | Excluding
cpe:2.3:a:akamai_technologies:client:*:*:*:*:*:*:*:* | Yes | - | -
cpe:2.3:a:red_swoosh:client:*:*:*:*:*:*:*:* | Yes | - | -
References

http://secunia.com/advisories/30135
http://secunia.com/secunia_research/2008-19/advisory/
http://securityreason.com/securityalert/3930
http://www.securityfocus.com/archive/1/493169/100/0/threaded
http://www.securityfocus.com/archive/1/493170/100/0/threaded
http://www.securitytracker.com/id?1020208
http://www.vupen.com/english/advisories/2008/1761/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42895

PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE-287
