CVE-2008-3228 - OpenCVE

Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Joomla	Joomla

Configuration 1 [-]

OR	cpe:2.3:a:joomla:joomla::::::::
	cpe:2.3:a:joomla:joomla:1.0:::::::*
	cpe:2.3:a:joomla:joomla:1.0.0:::::::*
	cpe:2.3:a:joomla:joomla:1.0.1:::::::*
	cpe:2.3:a:joomla:joomla:1.0.2:::::::*
	cpe:2.3:a:joomla:joomla:1.0.3:::::::*
	cpe:2.3:a:joomla:joomla:1.0.4:::::::*
	cpe:2.3:a:joomla:joomla:1.0.5:::::::*
	cpe:2.3:a:joomla:joomla:1.0.6:::::::*
	cpe:2.3:a:joomla:joomla:1.0.7:::::::*
	cpe:2.3:a:joomla:joomla:1.0.8:::::::*
	cpe:2.3:a:joomla:joomla:1.0.9:::::::*
	cpe:2.3:a:joomla:joomla:1.0.10:::::::*
	cpe:2.3:a:joomla:joomla:1.0.11:::::::*
	cpe:2.3:a:joomla:joomla:1.0.12:::::::*
	cpe:2.3:a:joomla:joomla:1.0.13:::::::*
	cpe:2.3:a:joomla:joomla:1.03:::::::*
	cpe:2.3:a:joomla:joomla:1.5:::::::*
	cpe:2.3:a:joomla:joomla:1.5.0_beta:::::::*
	cpe:2.3:a:joomla:joomla:1.5.0_beta1:::::::*
	cpe:2.3:a:joomla:joomla:1.5.0_beta2:::::::*
	cpe:2.3:a:joomla:joomla:1.5.0_rc1:::::::*
	cpe:2.3:a:joomla:joomla:1.5.1:::::::*
	cpe:2.3:a:joomla:joomla:1.5.2:::::::*

References

Link	Resource
http://www.joomla.org/content/view/5180/1/
http://www.joomla.org/content/view/5180/1/1/1/#htaccess
http://www.openwall.com/lists/oss-security/2008/07/12/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/44206

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-18T16:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-07-18T00:00:00

Link: CVE-2008-3228

JSON object: View

NVD Information

Status : Modified

Published: 2008-07-18T16:41:00.000

Modified: 2017-08-08T01:31:41.670

Link: CVE-2008-3228

JSON object: View

Redhat Information

No data.

CWE

CWE-16

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20080712 CVE requests: joomla <1.5.4", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.joomla.org/content/view/5180/1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"}, {"name": "joomla-block-common-unspecified(44206)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3228", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20080712 CVE requests: joomla <1.5.4", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"}, {"name": "http://www.joomla.org/content/view/5180/1/", "refsource": "CONFIRM", "url": "http://www.joomla.org/content/view/5180/1/"}, {"name": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess", "refsource": "CONFIRM", "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"}, {"name": "joomla-block-common-unspecified(44206)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3228", "datePublished": "2008-07-18T16:00:00", "dateReserved": "2008-07-18T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*", "matchCriteriaId": "46425F76-D765-4432-85F2-49B80BD87097", "versionEndIncluding": "1.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9709F901-EDD2-4369-89F0-8AF3A63655E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC268591-FDFD-42A2-887F-4F1639CAB73C", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E8E5942-AB17-45E8-B3D3-4DDD1DFA48D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "89946AA1-0694-44A5-962E-ED36B4BFCE9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6024ABB5-0CB7-4874-8758-CC6FBF3073D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A41E39D9-ADD7-41A1-9E38-BD418B59E5E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "05C21464-3FD4-4528-A512-7C0DE70E331C", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "663EE640-2BE7-42FC-B848-7379C6DADA60", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "DAA2374C-E9D8-40E4-A4E5-E4F95E04E226", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "A0B64E85-CA80-46A6-9E62-B1F28CBED5CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D4007FCB-589A-413D-8009-64404926CA7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F6B0B037-5E62-4069-AF35-F05A777E05D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "314E12E1-107E-4AB3-8092-9F6C2C5FA11B", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "65860314-7B34-46B4-BA29-1A8EA715BF00", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "A235591C-1860-4877-8B61-7390EE359E12", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.03:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9C4B0-5B4B-4103-AA4E-419E08C22306", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*", "matchCriteriaId": "16F243A8-5513-4BB7-AB55-5A715D5AE546", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "F95550B4-3620-42D8-99AC-369126CDDFAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "BC0429EF-3848-4E72-999E-719DB54A7429", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "F12537ED-A4EB-40F9-AC00-B796169E114D", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."}, {"lang": "es", "value": "Joomla! anterior a 1.5.4 no aplica a .htaccess determinados controles de seguridad que bloquean exploits comunes a URLs con el plugin SEF, lo cual tiene un impacto desconocido y vectores de ataque remotos."}], "id": "CVE-2008-3228", "lastModified": "2017-08-08T01:31:41.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-18T16:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.joomla.org/content/view/5180/1/"}, {"source": "cve@mitre.org", "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}