CVE Vulnerabilities

CVE-2014-8684

Published: Sep 19, 2017 | Modified: Sep 28, 2017
CVSS 3.x: 9.8 CRITICAL
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Codeigniter | Codeigniter | * | 2.2.6 (including) |
| Kohana | Kohanaframework | 3.2.3 (including) | 3.2.3 (including) |
| Kohana | Kohanaframework | 3.3.0 (including) | 3.3.0 (including) |
| Kohana | Kohanaframework | 3.3.1 (including) | 3.3.1 (including) |

References