Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.1
CVE Id: CVE-2008-1106
Last Modified: 07 Mar 2011 10:05:57
Published: 09 Jun 2008 07:32:00
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1106

Summary

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

Vulnerable Systems

Application

  • Akamai Technologies Client 3322

  • Red Swoosh Client 3322


References

SECUNIA - 30135

XF - redswoosh-http-csrf(42895)

VUPEN - ADV-2008-1761

BUGTRAQ - 20080606 Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery

BUGTRAQ - 20080606 Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software)

SREASON - 3930

MISC - http://secunia.com/secunia_research/2008-19/advisory/

SECTRACK - 1020208


Last Updated: 27 May 2016 10:47:01