|
|
Info |
Last Modified |
| 5 months ago |
|
|
|
|
Description |
Basic Analysis and Security Engine (BASE) contains a flaw that may allow a malicious user to gain admin privileges without authentication. The issue is triggered when sending a specially crafted cookie. It is possible that the flaw may allow unauthorized administrative access resulting in a loss of confidentiality, integrity, and/or availability.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Authentication Management
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Technical |
This vulnerability is only present when BASE built in authentication system is used and not with Web server authentication system.
|
|
Solution |
Upgrade to cvs version or version 1.2.5 (sarah) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Basic Analysis and Security Engine (BASE)
 |
1.1 (elizabeth) |
1.1.2 (zora) |
1.1.3 (lynn) |
1.1.4 (cheryl) |
1.2.0 (betty) |
1.2.1 (kris) |
1.2.2 (cindy) |
1.2.4 (melissa) |
|
|
|
|
|
Credit |
- Nikns Siankin - nikns
 secure.lv - BASE+
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
