CVE-2008-6599

Опубликовано: 03 апр. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."

Ссылки

http://code.google.com/p/cookiecheck/
Exploit
Patch
Vendor Advisory
http://code.google.com/p/cookiecheck/source/browse/patches/cookiecheck-1.0-security-fix-1.patch?spec=svn11&r=11
Exploit
Patch
http://osvdb.org/48865
https://exchange.xforce.ibmcloud.com/vulnerabilities/49827
http://code.google.com/p/cookiecheck/
Exploit
Patch
Vendor Advisory
http://code.google.com/p/cookiecheck/source/browse/patches/cookiecheck-1.0-security-fix-1.patch?spec=svn11&r=11
Exploit
Patch
http://osvdb.org/48865
https://exchange.xforce.ibmcloud.com/vulnerabilities/49827

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jath_pala:cookiecheck:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00294

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-84q4-xvj9-pvpg

github

больше 3 лет назад