PT-2017-6256 · Kohana Team+1 · Kohana+1
Publicado
2017-09-19
·
Atualizado
2022-05-17
·
CVE-2014-8684
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CodeIgniter versions prior to 3.0
Kohana versions 3.2.3 and earlier
Kohana versions 3.3.x through 3.3.2
Description
The issue makes it easier for remote attackers to spoof session cookies and conduct PHP object injection attacks. This is achieved by leveraging the use of standard string comparison operators to compare cryptographic hashes.
Recommendations
For CodeIgniter versions prior to 3.0, update to version 3.0 or later.
For Kohana versions 3.2.3 and earlier, update to a version later than 3.2.3.
For Kohana versions 3.3.x through 3.3.2, update to a version later than 3.3.2.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Codeigniter
Kohana