Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6121

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6121
Last Modified 24 Apr 2009 12:00:00
Published 11 Feb 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6121

Summary

CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie.

Vulnerable Systems

Application

  • Socialengine 2.7


References

XF - socialengine-phpsessid-response-splitting(46771)

BID - 32382

BUGTRAQ - 20081120 Social Engine 2.7 CRLF Injection + SQL injection


Last Updated: 27 May 2016 10:49:04