PT-2017-6256 · Kohana Team+1 · Kohana+1
Published
2017-09-19
·
Updated
2022-05-17
·
CVE-2014-8684
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CodeIgniter versions prior to 3.0
Kohana versions 3.2.3 and earlier
Kohana versions 3.3.x through 3.3.2
Description
The issue makes it easier for remote attackers to spoof session cookies and conduct PHP object injection attacks. This is achieved by leveraging the use of standard string comparison operators to compare cryptographic hashes.
Recommendations
For CodeIgniter versions prior to 3.0, update to version 3.0 or later.
For Kohana versions 3.2.3 and earlier, update to a version later than 3.2.3.
For Kohana versions 3.3.x through 3.3.2, update to a version later than 3.3.2.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Codeigniter
Kohana