| Field | Value |
|---|---|
| VID | 21853 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | Geeklog is vulnerable to an authorization bypass via the session cookie. Geeklog is open-source Web log (blog) software written in PHP with a MySQL backend. Geeklog versions 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5 and 1.3.9 before 1.3.9sr5 are affected by an authorization bypass caused by a flaw in the session-handling library. A remote attacker could exploit this flaw to bypass the authentication procedure and gain unauthorized access to a vulnerable application with administrative privileges. References: http://www.geeklog.net/article.php/geeklog-1.4.0sr2 ; http://www.frsirt.com/english/advisories/2006/0851 . Platforms Affected: Geeklog versions 1.3.9 prior to 1.3.9sr5; Geeklog versions 1.3.11 prior to 1.3.11sr5; Geeklog versions 1.4.x prior to 1.4.0sr2; any operating system, any version. |
| Recommendation | Upgrade to the latest version of Geeklog (1.3.9sr5, 1.3.11sr5, 1.4.0sr2 or later), available from the Geeklog Web site at http://www.geeklog.net/filemgmt/viewcat.php?cid=8 |
| Related URL | CVE-2006-1069 (CVE) |
| Related URL | 17010 (SecurityFocus) |
| Related URL | (ISS) |