Security Advisory

CVE-2008-0210

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2008-01-10 00:00:00

Last updated 2024-08-07 07:39:34

Assigner mitre

State PUBLISHED

Description

Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.

← Browse all CVEs View on cve.org ↗