Vulnerability Details CVE-2007-2232
The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/24845
- http://www.securityfocus.com/archive/1/465386/100/100/threaded
- http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-001.txt
- http://www.vupen.com/english/advisories/2007/1359
- http://secunia.com/advisories/24845
- http://www.securityfocus.com/archive/1/465386/100/100/threaded
- http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-001.txt
- http://www.vupen.com/english/advisories/2007/1359
Products affected by CVE-2007-2232
-
cpe:2.3:a:cosign:cosign:0.7.0
-
cpe:2.3:a:cosign:cosign:0.8.0
-
cpe:2.3:a:cosign:cosign:0.9.0
-
cpe:2.3:a:cosign:cosign:1.0
-
cpe:2.3:a:cosign:cosign:1.1
-
cpe:2.3:a:cosign:cosign:1.5
-
cpe:2.3:a:cosign:cosign:1.6
-
cpe:2.3:a:cosign:cosign:1.7
-
cpe:2.3:a:cosign:cosign:1.8
-
cpe:2.3:a:cosign:cosign:1.8.5
-
cpe:2.3:a:cosign:cosign:1.9
-
cpe:2.3:a:cosign:cosign:2.0.1