Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-2970
Last Modified: 14 Apr 2009 01:33:08
Published: 02 Jul 2008 01:14:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2970

Summary

Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.

Vulnerable Systems

Application

  • Yektaweb Academic Web Tools 1.4.2.8

  • Yektaweb Academic Web Tools 1.4.3.1


References

XF - academicwebtools-index-session-hijacking(43179)

BID - 29813

BUGTRAQ - 20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities

MISC - http://www.bugreport.ir/?/44

SREASON - 3959


Last Updated: 27 May 2016 10:48:02