The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: flexera
Published: 2008-06-09T23:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2008-02-29T00:00:00
Link: CVE-2008-1106
JSON object: View
NVD Information
Status : Modified
Published: 2008-06-09T23:32:00.000
Modified: 2018-10-11T20:29:40.367
Link: CVE-2008-1106
JSON object: View
Redhat Information
No data.