CVE Vulnerabilities

CVE-2008-5809

Improper Authentication

Published: Jan 02, 2009 | Modified: Nov 21, 2024
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N)

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions and obtain sensitive information about analysis results via a modified id.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Access_analyzer_cgi Futomi * 4.0.1 (including)
Access_analyzer_cgi Futomi nil-beta1 (including) nil-beta1 (including)
Access_analyzer_cgi Futomi nil-beta2 (including) nil-beta2 (including)
Access_analyzer_cgi Futomi 1.0 (including) 1.0 (including)
Access_analyzer_cgi Futomi 1.1 (including) 1.1 (including)
Access_analyzer_cgi Futomi 1.2 (including) 1.2 (including)
Access_analyzer_cgi Futomi 1.3 (including) 1.3 (including)
Access_analyzer_cgi Futomi 1.4 (including) 1.4 (including)
Access_analyzer_cgi Futomi 1.5 (including) 1.5 (including)
Access_analyzer_cgi Futomi 1.6 (including) 1.6 (including)
Access_analyzer_cgi Futomi 1.7 (including) 1.7 (including)
Access_analyzer_cgi Futomi 2.0 (including) 2.0 (including)
Access_analyzer_cgi Futomi 2.1 (including) 2.1 (including)
Access_analyzer_cgi Futomi 2.2 (including) 2.2 (including)
Access_analyzer_cgi Futomi 2.3 (including) 2.3 (including)
Access_analyzer_cgi Futomi 2.4 (including) 2.4 (including)
Access_analyzer_cgi Futomi 3.0 (including) 3.0 (including)
Access_analyzer_cgi Futomi 3.1 (including) 3.1 (including)
Access_analyzer_cgi Futomi 3.2 (including) 3.2 (including)
Access_analyzer_cgi Futomi 3.3 (including) 3.3 (including)
Access_analyzer_cgi Futomi 3.4 (including) 3.4 (including)
Access_analyzer_cgi Futomi 3.5 (including) 3.5 (including)
Access_analyzer_cgi Futomi 3.6 (including) 3.6 (including)
Access_analyzer_cgi Futomi 3.7 (including) 3.7 (including)
Access_analyzer_cgi Futomi 3.8 (including) 3.8 (including)
Access_analyzer_cgi Futomi 3.8.1 (including) 3.8.1 (including)
Access_analyzer_cgi Futomi 4.0 (including) 4.0 (including)
Access_analyzer_cgi Futomi 4.0.0 (including) 4.0.0 (including)
Access_analyzer_cgi Futomi 4.1 (including) 4.1 (including)
Access_analyzer_cgi Futomi 4.2 (including) 4.2 (including)
Access_analyzer_cgi Futomi 4.3 (including) 4.3 (including)
Access_analyzer_cgi Futomi 4.4 (including) 4.4 (including)
Access_analyzer_cgi Futomi 4.5 (including) 4.5 (including)
Access_analyzer_cgi Futomi 4.6 (including) 4.6 (including)
Access_analyzer_cgi Futomi 4.7 (including) 4.7 (including)
Access_analyzer_cgi Futomi 4.8 (including) 4.8 (including)
Access_analyzer_cgi Futomi 4.9 (including) 4.9 (including)
Access_analyzer_cgi Futomi 4.10 (including) 4.10 (including)
Access_analyzer_cgi Futomi 4.10.1 (including) 4.10.1 (including)
Access_analyzer_cgi Futomi 4.10.2 (including) 4.10.2 (including)
Access_analyzer_cgi Futomi 4.10.3 (including) 4.10.3 (including)
Access_analyzer_cgi Futomi 4.10.4 (including) 4.10.4 (including)
Access_analyzer_cgi Futomi 4.10.5 (including) 4.10.5 (including)
Access_analyzer_cgi Futomi 4.11.0 (including) 4.11.0 (including)
Access_analyzer_cgi Futomi 4.11.1 (including) 4.11.1 (including)
Access_analyzer_cgi Futomi 4.11.2 (including) 4.11.2 (including)
Access_analyzer_cgi Futomi 4.11.3 (including) 4.11.3 (including)
