Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-1770
Last Modified: 03 Oct 2013 03:32:51
Published: 04 Jun 2008 05:32:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1770

Summary

CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.

Vulnerable Systems

Application

  • Akamai Download Manager 2.0.4.4

  • Akamai Download Manager 2.2.0.0

  • Akamai Download Manager 2.2.1.0

  • Akamai Download Manager 2.2.3.5


References

XF - downloadmanager-url-code-execution(42879)

VUPEN - ADV-2008-1746

SECTRACK - 1020194

BUGTRAQ - 20080605 Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability

BUGTRAQ - 20080604 Akamai Technologies Security Advisory 2008-0001 (Download Manager)

MILW0RM - 5741

SECUNIA - 30537


Last Updated: 27 May 2016 10:47:38