CVE-2008-3428

Published Jul 31, 2008

Last updated 7 years ago

Overview

Description: Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6204C447-457D-452E-A03E-89F1AE56D5A1"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A338D15-82E9-4DE5-AF2A-F8D0D50237DE"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5815AA94-0486-4273-ADFF-6BD672849742"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE81B0EF-6B46-46F0-B9B1-E78A145FA709"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7158BE17-6E19-42BC-8C97-9EDFD8FBC269"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA6D6553-A28D-4DC6-91B8-F0F509853E88"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "921349BA-B7F6-4E63-ADE6-5E6C7516FFF0"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CD0845B-45FF-45FA-87E4-58332261379A"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21FAE77-B7A5-49DF-95BC-9B1AB13A63E2"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2500C344-139C-43EF-B482-D3F3A65FE2DB"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A6B4B10-2406-46C0-A834-C0582AD759EF"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.0:final:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041AA248-D53A-4E2A-BC5C-13640624347B"
          },
          {
            "criteria": "cpe:2.3:a:phpfreechat:phpfreechat:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C85EE665-4438-43C8-9F19-F8212F023CCD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References