Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6298

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6298
Last Modified 13 Mar 2009 01:45:39
Published 26 Feb 2009 11:17:19
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6298

Summary

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."

Vulnerable Systems

Application

  • Rocketeer.dip Sisapilocation 1.0.1.3

  • Rocketeer.dip Sisapilocation 1.0.1.4

  • Rocketeer.dip Sisapilocation 1.0.2.0


References

CONFIRM - http://rocketeer.dip.jp/sanaki/free/free100.htm

XF - sisapilocation-httpheaders-security-bypass(46516)

VUPEN - ADV-2008-3105

BID - 32247

SECUNIA - 32581

JVNDB - JVNDB-2008-000076

JVN - JVN#67060882


Last Updated: 27 May 2016 10:49:08