5.1
CVE-2008-6540
- EPSS 2.5%
- Published 30.03.2009 01:30:00
- Last modified 16.06.2026 23:02:24
- Source cve@mitre.org
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.
Data provided by the National Vulnerability Database (NVD)
Dnnsoftware ≫ Dotnetnuke Version <= 4.8.1
Dnnsoftware ≫ Dotnetnuke Version 1.0.6
Dnnsoftware ≫ Dotnetnuke Version 1.0.7
Dnnsoftware ≫ Dotnetnuke Version 1.0.8
Dnnsoftware ≫ Dotnetnuke Version 1.0.9
Dnnsoftware ≫ Dotnetnuke Version 1.0.10d
Dnnsoftware ≫ Dotnetnuke Version 1.0.10e
Dnnsoftware ≫ Dotnetnuke Version 2.1.1
Dnnsoftware ≫ Dotnetnuke Version 2.1.2
Dnnsoftware ≫ Dotnetnuke Version 3.0.7
Dnnsoftware ≫ Dotnetnuke Version 3.0.8
Dnnsoftware ≫ Dotnetnuke Version 3.0.11
Dnnsoftware ≫ Dotnetnuke Version 3.1.0
Dnnsoftware ≫ Dotnetnuke Version 3.3.5
Dnnsoftware ≫ Dotnetnuke Version 4.0
Dnnsoftware ≫ Dotnetnuke Version 4.3.5
Dnnsoftware ≫ Dotnetnuke Version 4.5.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.5% | 0.826 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 | AV:N/AC:H/Au:N/C:P/I:P/A:P |
http://osvdb.org/43720
http://secunia.com/advisories/29488
http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx
http://www.securityfocus.com/archive/1/489957/100/0/threaded
http://www.securityfocus.com/bid/28391
https://exchange.xforce.ibmcloud.com/vulnerabilities/41399