CVE Vulnerabilities

CVE-2008-5809

Improper Authentication

Published: Jan 02, 2009 | Modified: Feb 26, 2009
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N)

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Access_analyzer_cgi Futomi 4.7 4.7
Access_analyzer_cgi Futomi 4.0 4.0
Access_analyzer_cgi Futomi 2.4 2.4
Access_analyzer_cgi Futomi 4.8 4.8
Access_analyzer_cgi Futomi 3.1 3.1
Access_analyzer_cgi Futomi 4.11.3 4.11.3
Access_analyzer_cgi Futomi 3.4 3.4
Access_analyzer_cgi Futomi 3.4 3.4
Access_analyzer_cgi Futomi 1.2 1.2
Access_analyzer_cgi Futomi 4.11.0 4.11.0
Access_analyzer_cgi Futomi 1.1 1.1
Access_analyzer_cgi Futomi 4.2 4.2
Access_analyzer_cgi Futomi nil nil
Access_analyzer_cgi Futomi 1.0 1.0
Access_analyzer_cgi Futomi 3.8 3.8
Access_analyzer_cgi Futomi 1.1 1.1
Access_analyzer_cgi Futomi 2.3 2.3
Access_analyzer_cgi Futomi 4.10.1 4.10.1
Access_analyzer_cgi Futomi 2.2 2.2
Access_analyzer_cgi Futomi 3.2 3.2
Access_analyzer_cgi Futomi 1.5 1.5
Access_analyzer_cgi Futomi 3.5 3.5
Access_analyzer_cgi Futomi 4.0.0 4.0.0
Access_analyzer_cgi Futomi 3.5 3.5
Access_analyzer_cgi Futomi 4.6 4.6
Access_analyzer_cgi Futomi 2.0 2.0
Access_analyzer_cgi Futomi 3.0 3.0
Access_analyzer_cgi Futomi 4.11.2 4.11.2
Access_analyzer_cgi Futomi 4.5 4.5
Access_analyzer_cgi Futomi 4.10.4 4.10.4
Access_analyzer_cgi Futomi 3.3 3.3
Access_analyzer_cgi Futomi 4.4 4.4
Access_analyzer_cgi Futomi 2.1 2.1
Access_analyzer_cgi Futomi 4.10.5 4.10.5
Access_analyzer_cgi Futomi 1.3 1.3
Access_analyzer_cgi Futomi 3.3 3.3
Access_analyzer_cgi Futomi 4.10.3 4.10.3
Access_analyzer_cgi Futomi 4.1 4.1
Access_analyzer_cgi Futomi 2.3 2.3
Access_analyzer_cgi Futomi 1.4 1.4
Access_analyzer_cgi Futomi 1.6 1.6
Access_analyzer_cgi Futomi 1.3 1.3
Access_analyzer_cgi Futomi 4.3 4.3
Access_analyzer_cgi Futomi * 4.0.1
Access_analyzer_cgi Futomi 4.11.1 4.11.1
Access_analyzer_cgi Futomi 2.0 2.0
Access_analyzer_cgi Futomi 2.4 2.4
Access_analyzer_cgi Futomi 1.7 1.7
Access_analyzer_cgi Futomi 3.2 3.2
Access_analyzer_cgi Futomi 4.10 4.10
Access_analyzer_cgi Futomi 1.4 1.4
Access_analyzer_cgi Futomi 4.10.2 4.10.2
Access_analyzer_cgi Futomi 3.7 3.7
Access_analyzer_cgi Futomi 1.2 1.2
Access_analyzer_cgi Futomi 3.1 3.1
Access_analyzer_cgi Futomi 3.0 3.0
Access_analyzer_cgi Futomi 2.2 2.2
Access_analyzer_cgi Futomi 3.6 3.6
Access_analyzer_cgi Futomi 4.9 4.9
Access_analyzer_cgi Futomi nil nil
Access_analyzer_cgi Futomi 2.1 2.1
Access_analyzer_cgi Futomi 3.8.1 3.8.1
