Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2437

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2437
Last Modified 17 Aug 2013 02:44:52
Published 26 Nov 2012 07:45:22
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2437

Summary

cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.

Vulnerable Systems

Application

  • Awcm-cms Ar Web Content Manager 2.2


References

BUGTRAQ - 20121108 Vulnerability Report on AWCM 2.2

XF - awcm-cookie-sec-bypass(79926)

MISC - http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html


Last Updated: 27 May 2016 10:50:02