Vulnerability Description
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yektaweb | Academic Web Tools | <= 1.4.2.8 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3959
- http://www.bugreport.ir/?/44
- http://www.securityfocus.com/archive/1/493472/100/0/threaded
- http://www.securityfocus.com/bid/29813
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43179
- http://securityreason.com/securityalert/3959
- http://www.bugreport.ir/?/44
- http://www.securityfocus.com/archive/1/493472/100/0/threaded
- http://www.securityfocus.com/bid/29813
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43179
FAQ
What is CVE-2008-2970?
CVE-2008-2970 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) in...
How severe is CVE-2008-2970?
CVE-2008-2970 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2970?
Check the references section above for vendor advisories and patch information. Affected products include: Yektaweb Academic Web Tools.