CVE-2006-4048 - Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attacker

CVE-2006-4048

Summary

Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

References

http://secunia.com/advisories/21347
http://www.osvdb.org/27789
http://www.securityfocus.com/bid/19421
http://www.vupen.com/english/advisories/2006/3167
https://exchange.xforce.ibmcloud.com/vulnerabilities/28264

Vulnerable Configurations

cpe:2.3:a:netious_cms:netious_cms:0.4:*:*:*:*:*:*:*
cpe:2.3:a:netious_cms:netious_cms:0.4:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19421
osvdb	27789
secunia	21347
vupen	ADV-2006-3167
xf	netiouscms-sessionmgmt-session-hijacking(28264)

Last major update

20-07-2017 - 01:32

Published

09-08-2006 - 23:04

Last modified

20-07-2017 - 01:32