Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3375

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3375
Last Modified 19 Aug 2009 01:17:29
Published 30 Jul 2008 01:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3375

Summary

The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.

Vulnerable Systems

Application

  • Jamroom 1.0

  • Jamroom 2.0.9

  • Jamroom 2.6.10

  • Jamroom 2.6.11

  • Jamroom 2.6.12

  • Jamroom 2.60

  • Jamroom 2.61

  • Jamroom 2.62

  • Jamroom 2.63

  • Jamroom 2.64

  • Jamroom 2.65

  • Jamroom 2.66

  • Jamroom 2.67

  • Jamroom 2.68

  • Jamroom 2.69

  • Jamroom 3.0

  • Jamroom 3.0.1

  • Jamroom 3.0.10

  • Jamroom 3.0.11

  • Jamroom 3.0.12

  • Jamroom 3.0.13

  • Jamroom 3.0.14

  • Jamroom 3.0.15

  • Jamroom 3.0.16

  • Jamroom 3.0.17

  • Jamroom 3.0.18

  • Jamroom 3.0.19

  • Jamroom 3.0.2

  • Jamroom 3.0.20

  • Jamroom 3.0.21

  • Jamroom 3.0.22

  • Jamroom 3.0.23

  • Jamroom 3.0.24

  • Jamroom 3.0.25

  • Jamroom 3.0.26

  • Jamroom 3.0.27

  • Jamroom 3.0.28

  • Jamroom 3.0.29

  • Jamroom 3.0.3

  • Jamroom 3.0.30

  • Jamroom 3.0.4

  • Jamroom 3.0.5

  • Jamroom 3.0.6

  • Jamroom 3.0.7

  • Jamroom 3.0.8

  • Jamroom 3.0.9

  • Jamroom 3.1.0

  • Jamroom 3.1.1

  • Jamroom 3.1.2

  • Jamroom 3.1.3

  • Jamroom 3.1.4

  • Jamroom 3.1.5

  • Jamroom 3.2.0

  • Jamroom 3.2.1

  • Jamroom 3.2.2

  • Jamroom 3.2.3

  • Jamroom 3.2.4

  • Jamroom 3.2.5

  • Jamroom 3.2.6

  • Jamroom 3.3.0

  • Jamroom 3.3.1

  • Jamroom 3.3.2

  • Jamroom 3.3.3

  • Jamroom 3.3.4

  • Jamroom 3.3.5

  • Jamroom 3.3.6

  • Jamroom 3.3.7

  • Jamroom 3.3.8


References

CONFIRM - http://www.jamroom.net/phpBB2/viewtopic.php?t=24454

XF - jamroom-jamroommiscinc-auth-bypass(44048)

BID - 30406

BUGTRAQ - 20080728 JamRoom <= 3.3.8 Authentication Bypass

CONFIRM - http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1178

MISC - http://www.gulftech.org/?node=research&article_id=00117-07282008

SREASON - 4069

SECUNIA - 31249


Last Updated: 27 May 2016 10:48:10