5

CVE-2008-1238

Exploit

EPSS 6.24%
Veröffentlicht 27.03.2008 10:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 38

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 2.0.0.12

Mozilla ≫ Seamonkey Version <= 1.1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.24%	0.899

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://secunia.com/advisories/29526

http://secunia.com/advisories/29539

http://secunia.com/advisories/29541

http://secunia.com/advisories/29547

http://secunia.com/advisories/29558

http://secunia.com/advisories/29560

http://secunia.com/advisories/29616

http://secunia.com/advisories/29645

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.ubuntu.com/usn/usn-592-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/0998/references

http://www.vupen.com/english/advisories/2008/1793/references

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://secunia.com/advisories/29391

http://secunia.com/advisories/29550

http://secunia.com/advisories/29607

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://sla.ckers.org/forum/read.php?10%2C20033

http://www.mozilla.org/security/announce/2008/mfsa2008-16.html

Exploit

http://www.securitytracker.com/id?1019703

https://exchange.xforce.ibmcloud.com/vulnerabilities/41449

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9889

https://nvd.nist.gov/vuln/detail/CVE-2008-1238

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1238

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1238

EUVD