Vulnerability CVE-2016-8638


Published: 2017-07-12   Modified: 2017-07-17

Description:
A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. The issue is related to how ipsilon tracks sessions, and it allows an unauthenticated attacker to view and terminate active sessions of other users.

Vendor: Ipsilon project
Product: Ipsilon 
Version:
2.0.1
2.0.0
1.2.0
1.1.1
1.1.0
1.0.2
1.0.1
1.0.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: Partial

 References:
http://www.securityfocus.com/bid/94439
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638
https://ipsilon-project.org/advisory/CVE-2016-8638.txt
https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c

Copyright 2017, cxsecurity.com
