CVE-2008-6298

Опубликовано: 26 фев. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."

Ссылки

http://jvn.jp/en/jp/JVN67060882/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000076.html
http://rocketeer.dip.jp/sanaki/free/free100.htm
Patch
Vendor Advisory
http://secunia.com/advisories/32581
Vendor Advisory
http://www.securityfocus.com/bid/32247
http://www.vupen.com/english/advisories/2008/3105
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46516
http://jvn.jp/en/jp/JVN67060882/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000076.html
http://rocketeer.dip.jp/sanaki/free/free100.htm
Patch
Vendor Advisory
http://secunia.com/advisories/32581
Vendor Advisory
http://www.securityfocus.com/bid/32247
http://www.vupen.com/english/advisories/2008/3105
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46516

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rocketeer.dip:sisapilocation:*:*:*:*:*:*:*:*

Версия до 1.0.2.0 (включая)

cpe:2.3:a:rocketeer.dip:sisapilocation:1.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rocketeer.dip:sisapilocation:1.0.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.0044

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-jchm-wvx5-v34w

github

больше 3 лет назад