Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2780

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2008-2780
Last Modified 07 Mar 2011 10:09:44
Published 19 Jun 2008 04:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2780

Summary

The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file.

Vulnerable Systems

Application

  • Albinoloverats Anubis Plugin 1.2


References

CONFIRM - https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2

XF - anubis-filesize-information-disclosure(42652)

VUPEN - ADV-2008-1663

SECUNIA - 30388


Last Updated: 27 May 2016 10:47:58