CVE-2008-6331 - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Streber-pm	Streber

Configuration 1 [-]

OR	cpe:2.3:a:streber-pm:streber::::::::
	cpe:2.3:a:streber-pm:streber:0.08:::::::*
	cpe:2.3:a:streber-pm:streber:0.054:::::::*
	cpe:2.3:a:streber-pm:streber:0.055:::::::*
	cpe:2.3:a:streber-pm:streber:0.056:::::::*
	cpe:2.3:a:streber-pm:streber:0.078:::::::*
	cpe:2.3:a:streber-pm:streber:0.079:::::::*
	cpe:2.3:a:streber-pm:streber:0.0791:::::::*
	cpe:2.3:a:streber-pm:streber:0.0792:::::::*
	cpe:2.3:a:streber-pm:streber:0.0794:::::::*
	cpe:2.3:a:streber-pm:streber:0.0795:::::::*
	cpe:2.3:a:streber-pm:streber:0.0796:::::::*
	cpe:2.3:a:streber-pm:streber:0.0801:::::::*
	cpe:2.3:a:streber-pm:streber:0.07991:::::::*

References

Link	Resource
http://osvdb.org/49893
http://secunia.com/advisories/32739	Vendor Advisory
http://sourceforge.net/project/shownotes.php?group_id=145255&release_id=640914	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/46674

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-27T16:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-02-27T00:00:00

Link: CVE-2008-6331

JSON object: View

NVD Information

Status : Modified

Published: 2009-02-27T16:30:08.217

Modified: 2017-08-17T01:29:13.707

Link: CVE-2008-6331

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "streber-unspecified-csrf(46674)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46674"}, {"name": "32739", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32739"}, {"name": "49893", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49893"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=145255&release_id=640914"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6331", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "streber-unspecified-csrf(46674)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46674"}, {"name": "32739", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32739"}, {"name": "49893", "refsource": "OSVDB", "url": "http://osvdb.org/49893"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=145255&release_id=640914", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=145255&release_id=640914"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6331", "datePublished": "2009-02-27T16:00:00", "dateReserved": "2009-02-27T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:streber-pm:streber:*:*:*:*:*:*:*:*", "matchCriteriaId": "324309D4-D96E-4AC6-A149-5275C770E467", "versionEndIncluding": "0.0803", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.08:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADC874-08A8-435E-9744-3C21312076A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.054:*:*:*:*:*:*:*", "matchCriteriaId": "42C5425A-697C-4ED8-8D14-62FEEA04EFAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.055:*:*:*:*:*:*:*", "matchCriteriaId": "95B6232D-9003-4120-B234-9CC728EB7311", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.056:*:*:*:*:*:*:*", "matchCriteriaId": "DDA99D40-A3E7-4287-9D8D-AD790D217491", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.078:*:*:*:*:*:*:*", "matchCriteriaId": "D81DF49B-20DC-4B6A-ADF1-2B1BEF55A453", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.079:*:*:*:*:*:*:*", "matchCriteriaId": "04072311-5E45-44A0-BA63-ECDA3532365E", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.0791:*:*:*:*:*:*:*", "matchCriteriaId": "175313B5-52CD-4FCF-A790-3CF4C6CCDB23", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.0792:*:*:*:*:*:*:*", "matchCriteriaId": "CD44EEB0-5B4B-4731-BC0D-F9457F6D641E", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.0794:*:*:*:*:*:*:*", "matchCriteriaId": "EF3691FE-B99D-4FB9-B85A-751C5E373E20", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.0795:*:*:*:*:*:*:*", "matchCriteriaId": "4794DDC3-D80B-4C16-A631-57B48AB34DDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.0796:*:*:*:*:*:*:*", "matchCriteriaId": "DAC101DF-728C-4923-AD58-59A68245E61E", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.0801:*:*:*:*:*:*:*", "matchCriteriaId": "F7BE3022-CAD7-4B68-AD9D-1C135C3A2358", "vulnerable": true}, {"criteria": "cpe:2.3:a:streber-pm:streber:0.07991:*:*:*:*:*:*:*", "matchCriteriaId": "9D2F66FE-85B5-434D-856C-5E799CCC1702", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en Streber anterior a versi\u00f3n 0.08093, permiten a los atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas por medio de vectores desconocidos."}], "id": "CVE-2008-6331", "lastModified": "2017-08-17T01:29:13.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-02-27T16:30:08.217", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/49893"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32739"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?group_id=145255&release_id=640914"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46674"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}