CVE Vulnerabilities

CVE-2008-7019

Improper Authentication

Published: Aug 21, 2009 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Esqlanelapse Esqlanelapse 2.6.1 2.6.1
Esqlanelapse Esqlanelapse 2.6.2 2.6.2

Potential Mitigations

References