← Retour aux CVEs

CVE-2007-2233

N/A

Description

cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

Details CVE

Score CVSS v3.1N/A

Publie4/25/2007

Derniere modification4/23/2026

Sourcenvd

Observations honeypot0

Produits affectes

cosign:cosign

References

http://secunia.com/advisories/24845(cve@mitre.org)

http://www.securityfocus.com/archive/1/465386/100/100/threaded(cve@mitre.org)

http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt(cve@mitre.org)

http://www.vupen.com/english/advisories/2007/1359(cve@mitre.org)

http://secunia.com/advisories/24845(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/465386/100/100/threaded(af854a3a-2127-422b-91ae-364da2661108)

http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt(af854a3a-2127-422b-91ae-364da2661108)

http://www.vupen.com/english/advisories/2007/1359(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.