Back to search
CVE-2008-1106
Published: Jun 9, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20080606 Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery
mailing-list
x_refsource_BUGTRAQ
redswoosh-http-csrf(42895)
vdb-entry
x_refsource_XF
ADV-2008-1761
vdb-entry
x_refsource_VUPEN
http://secunia.com/secunia_research/2008-19/advisory/
x_refsource_MISC
20080606 Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software)
mailing-list
x_refsource_BUGTRAQ
1020208
vdb-entry
x_refsource_SECTRACK
3930
third-party-advisory
x_refsource_SREASON
30135
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now