CVE-2008-7143 - OpenCVE

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Phpbb	Phpbb

Configuration 1 [-]

cpe:2.3:a:phpbb:phpbb:2.0.23:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/51121
http://www.securityfocus.com/archive/1/489815/100/0/threaded

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-01T16:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2009-09-01T00:00:00

Link: CVE-2008-7143

JSON object: View

NVD Information

Status : Modified

Published: 2009-09-01T16:30:00.530

Modified: 2018-10-11T20:58:22.757

Link: CVE-2008-7143

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "51121", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/51121"}, {"name": "20080318 phpBB 2.0.23 Session Hijacking Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489815/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7143", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "51121", "refsource": "OSVDB", "url": "http://osvdb.org/51121"}, {"name": "20080318 phpBB 2.0.23 Session Hijacking Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489815/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7143", "datePublished": "2009-09-01T16:00:00", "dateReserved": "2009-09-01T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}