Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0910

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2011-0910
Last Modified 14 Feb 2011 12:00:00
Published 08 Feb 2011 04:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-0910

Summary

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Vulnerable Systems

Application

  • Vanillaforums Vanilla Forums 2.0.10

  • Vanillaforums Vanilla Forums 2.0.11

  • Vanillaforums Vanilla Forums 2.0.12

  • Vanillaforums Vanilla Forums 2.0.13

  • Vanillaforums Vanilla Forums 2.0.14

  • Vanillaforums Vanilla Forums 2.0.15

  • Vanillaforums Vanilla Forums 2.0.16

  • Vanillaforums Vanilla Forums 2.0.17

  • Vanillaforums Vanilla Forums 2.0.17.1

  • Vanillaforums Vanilla Forums 2.0.17.2

  • Vanillaforums Vanilla Forums 2.0.17.3

  • Vanillaforums Vanilla Forums 2.0.17.4

  • Vanillaforums Vanilla Forums 2.0.17.5

  • Vanillaforums Vanilla Forums 2.0.9


References

CONFIRM - http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729


Last Updated: 27 May 2016 10:56:06