CVE-2008-6569

Published Mar 31, 2009

Last updated 7 years ago

CVSS info 6.8

Overview

Description: Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References