CVE-2014-8686

Опубликовано: 19 сент. 2017

Источник: debian

Описание

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
codeigniter	itp			package

Связанные уязвимости

CVE-2014-8686

CVSS3: 9.8

nvd

больше 8 лет назад

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

GHSA-xrhp-vgm2-2xvr

CVSS3: 9.8

github

больше 3 лет назад

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.