cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."
References
Link | Resource |
---|---|
http://code.google.com/p/cookiecheck/ | Exploit Patch Vendor Advisory |
http://code.google.com/p/cookiecheck/source/browse/patches/cookiecheck-1.0-security-fix-1.patch?spec=svn11&r=11 | Exploit Patch |
http://osvdb.org/48865 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49827 |
Configurations
History
No history.
Information
Published : 2009-04-03 18:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-6599
Mitre link : CVE-2008-6599
CVE.ORG link : CVE-2008-6599
JSON object : View
Products Affected
jath_pala
- cookiecheck
CWE
CWE-264
Permissions, Privileges, and Access Controls