INFORMATION

Name : CVE-2009-1504
Severity : High
First Publication : 2009-05-01
Last Modification : 2009-05-02

SCORING CVSS v2

CVSS Base Score : 7.5
CVSS Impact Score : 6.4
CVSS Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required


DETAIL

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1".



CWE COMMON WEAKNESS ENUMERATION

Weakness : CWE-287 - Improper Authentication (From NVD)

CPE COMMON PLATFORM ENUMERATION (from NVD)

OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

54196 : Absolute Form Processor XE xlaAFPadmin Cookie Manipulation Admin Authentication Bypass.


SECONDARY SOURCE(S)


Source : MILW0RM
Url : http://www.milw0rm.com/exploits/8529