Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-6342
Last Modified 01 Apr 2009 01:25:36
Published 13 Dec 2007 04:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6342

Summary

SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.

Vulnerable Systems

Application

  • David Castro Apache Authcas 0.4


References

BID - 26762

BUGTRAQ - 20080323 Re: Potential SQL injection vulnerability in Apache::AuthCAS

BUGTRAQ - 20071207 Potential SQL injection vulnerability in Apache::AuthCAS

SREASON - 3439

SECUNIA - 29492

CONFIRM - http://search.cpan.org/src/DCASTRO/Apache-AuthCAS-0.5/Changes


Last Updated: 27 May 2016 10:46:28