Vulnerability Details CVE-2007-2233
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://secunia.com/advisories/24845
- http://www.securityfocus.com/archive/1/465386/100/100/threaded
- http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt
- http://www.vupen.com/english/advisories/2007/1359
- http://secunia.com/advisories/24845
- http://www.securityfocus.com/archive/1/465386/100/100/threaded
- http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt
- http://www.vupen.com/english/advisories/2007/1359
Products affected by CVE-2007-2233
-
cpe:2.3:a:cosign:cosign:0.7.0
-
cpe:2.3:a:cosign:cosign:0.8.0
-
cpe:2.3:a:cosign:cosign:0.9.0
-
cpe:2.3:a:cosign:cosign:1.0
-
cpe:2.3:a:cosign:cosign:1.1
-
cpe:2.3:a:cosign:cosign:1.5
-
cpe:2.3:a:cosign:cosign:1.6
-
cpe:2.3:a:cosign:cosign:1.7
-
cpe:2.3:a:cosign:cosign:1.8
-
cpe:2.3:a:cosign:cosign:1.8.5
-
cpe:2.3:a:cosign:cosign:1.9
-
cpe:2.3:a:cosign:cosign:2.0.1
-
cpe:2.3:a:cosign:cosign:2.0.2