CVE-2008-1106
N/A
Description
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
CVE Details
CVSS v3.1 score: N/A
Published: 6/9/2008
Last modified: 4/9/2025
Source: nvd
Honeypot sightings: 0
Affected products
akamai_technologies:client
red_swoosh:client
Weaknesses (CWE)
CWE-287
CWE-352
References
http://secunia.com/advisories/30135 (PSIRT-CNA@flexerasoftware.com)
http://secunia.com/secunia_research/2008-19/advisory/ (PSIRT-CNA@flexerasoftware.com)
http://securityreason.com/securityalert/3930 (PSIRT-CNA@flexerasoftware.com)
http://www.securityfocus.com/archive/1/493169/100/0/threaded (PSIRT-CNA@flexerasoftware.com)
http://www.securityfocus.com/archive/1/493170/100/0/threaded (PSIRT-CNA@flexerasoftware.com)
http://www.securitytracker.com/id?1020208 (PSIRT-CNA@flexerasoftware.com)
http://www.vupen.com/english/advisories/2008/1761/references (PSIRT-CNA@flexerasoftware.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42895 (PSIRT-CNA@flexerasoftware.com)
http://secunia.com/advisories/30135 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/secunia_research/2008-19/advisory/ (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3930 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/493169/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/493170/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1020208 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1761/references (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42895 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.