Vulnerability Description
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tejimaya | Openpne | 1.6 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN06874657/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html
- http://secunia.com/advisories/38857Vendor Advisory
- http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html
- http://www.openpne.jp/archives/4612/Vendor Advisory
- http://jvn.jp/en/jp/JVN06874657/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html
- http://secunia.com/advisories/38857Vendor Advisory
- http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html
- http://www.openpne.jp/archives/4612/Vendor Advisory
FAQ
What is CVE-2010-1040?
CVE-2010-1040 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass...
How severe is CVE-2010-1040?
CVE-2010-1040 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1040?
Check the references section above for vendor advisories and patch information. Affected products include: Tejimaya Openpne.