Vulnerability Description
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kayako | Supportsuite | 3.11.01 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28613Vendor Advisory
- http://securityreason.com/securityalert/3573
- http://www.securityfocus.com/archive/1/486762/100/0/threaded
- http://www.waraxe.us/advisory-63.html
- http://secunia.com/advisories/28613Vendor Advisory
- http://securityreason.com/securityalert/3573
- http://www.securityfocus.com/archive/1/486762/100/0/threaded
- http://www.waraxe.us/advisory-63.html
FAQ
What is CVE-2008-0395?
CVE-2008-0395 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
How severe is CVE-2008-0395?
CVE-2008-0395 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0395?
Check the references section above for vendor advisories and patch information. Affected products include: Kayako Supportsuite.