cvelistv5 - cve-2008-4104

CVE-2008-4104 (GCVE-0-2008-4104)

Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00

Summary

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://marc.info/?l=oss-security&m=122152798516853&w=2	mailing-listx_refsource_MLIST
	http://developer.joomla.org/security/news/274-200…	x_refsource_CONFIRM
	http://marc.info/?l=oss-security&m=122115344915232&w=2	mailing-listx_refsource_MLIST
	http://securityreason.com/securityalert/4275	third-party-advisoryx_refsource_SREASON
	http://marc.info/?l=oss-security&m=122118210029084&w=2	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:43.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "joomla-url-phishing(45071)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
          },
          {
            "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
          },
          {
            "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
          },
          {
            "name": "4275",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4275"
          },
          {
            "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "joomla-url-phishing(45071)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
        },
        {
          "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
        },
        {
          "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
        },
        {
          "name": "4275",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4275"
        },
        {
          "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "joomla-url-phishing(45071)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
            },
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
              "refsource": "CONFIRM",
              "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
            },
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "4275",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4275"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4104",
    "datePublished": "2008-09-18T17:47:00",
    "dateReserved": "2008-09-15T00:00:00",
    "dateUpdated": "2024-08-07T10:00:43.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2017D307-89B3-4D94-A266-C7D8D45960A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CCDBF4D-A797-4828-A084-8C775FA94BDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB1B7CF2-B717-4F37-A923-0E188FF3C47F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3333C204-A022-4B53-B61F-3C5601F21FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2752717-AA95-4398-8091-24FD5925C4F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7B3B3FB-E67D-4D9A-BE01-855FA2545772\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \\\"passed in\\\" URL.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades involuntarias de redirecci\\u00f3n en Joomla! 1.5 anterior a 1.5.7; permiten a atacantes remotos redireccionar a los usuarios a sitios web de su elecci\\u00f3n y provocar ataques de phishing mediante una URL \\\"de paso\\\".\"}]",
      "id": "CVE-2008-4104",
      "lastModified": "2024-11-21T00:50:54.547",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-09-18T17:59:32.967",
      "references": "[{\"url\": \"http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/4275\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45071\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/4275\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45071\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4104\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-18T17:59:32.967\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \\\"passed in\\\" URL.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades involuntarias de redirecci\u00f3n en Joomla! 1.5 anterior a 1.5.7; permiten a atacantes remotos redireccionar a los usuarios a sitios web de su elecci\u00f3n y provocar ataques de phishing mediante una URL \\\"de paso\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2017D307-89B3-4D94-A266-C7D8D45960A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CCDBF4D-A797-4828-A084-8C775FA94BDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB1B7CF2-B717-4F37-A923-0E188FF3C47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3333C204-A022-4B53-B61F-3C5601F21FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2752717-AA95-4398-8091-24FD5925C4F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B3B3FB-E67D-4D9A-BE01-855FA2545772\"}]}]}],\"references\":[{\"url\":\"http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4275\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45071\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-4104

Vulnerability from fkie_nvd - Published: 2008-09-18 17:59 - Updated: 2025-04-09 00:30

Severity ?

Summary

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

References

	URL	Tags
	cve@mitre.org	http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html
	cve@mitre.org	http://marc.info/?l=oss-security&m=122115344915232&w=2
	cve@mitre.org	http://marc.info/?l=oss-security&m=122118210029084&w=2
	cve@mitre.org	http://marc.info/?l=oss-security&m=122152798516853&w=2
	cve@mitre.org	http://securityreason.com/securityalert/4275
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45071
	af854a3a-2127-422b-91ae-364da2661108	http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=122115344915232&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=122118210029084&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=122152798516853&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4275
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45071

Impacted products

Vendor	Product	Version
joomla	joomla	1.5
joomla	joomla	1.5.1
joomla	joomla	1.5.2
joomla	joomla	1.5.3
joomla	joomla	1.5.4
joomla	joomla	1.5.5
joomla	joomla	1.5.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades involuntarias de redirecci\u00f3n en Joomla! 1.5 anterior a 1.5.7; permiten a atacantes remotos redireccionar a los usuarios a sitios web de su elecci\u00f3n y provocar ataques de phishing mediante una URL \"de paso\"."
    }
  ],
  "id": "CVE-2008-4104",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-18T17:59:32.967",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4275"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9QR2-FX2G-PFVH

Vulnerability from github – Published: 2022-05-02 00:06 – Updated: 2024-02-09 16:54

Summary

Joomla! Open Redirect vulnerability

Details

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "joomla/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.5.0"
            },
            {
              "fixed": "1.5.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2008-4104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T16:54:17Z",
    "nvd_published_at": "2008-09-18T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL.",
  "id": "GHSA-9qr2-fx2g-pfvh",
  "modified": "2024-02-09T16:54:17Z",
  "published": "2022-05-02T00:06:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4104"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/joomla/joomla-framework"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20081219152017/http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4275"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Joomla! Open Redirect vulnerability"
}

CERTA-2008-AVI-456

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectent le logiciel Joomla!. Elles permettent de contourner la politique de sécurité ou de porter atteinte à l'intégrité des données.

Description

Une vulnérabilité dans JRequest permet de modifier des variables et, par exemple, d'injecter des caractères non désirés.

Un défaut dans le générateur de nombres aléatoires permet de deviner les mots de passe et les jetons créés par l'application.

Deux vulnérabilités permettent l'envoi de pourriel et la redirection vers des sites malveillants.

Solution

La version 1.5.7 corrige ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Joomla! version 1.5.6 et versions précédentes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Joomla! du 09 septembre 2008	None	vendor-advisory
Site du projet Joomla! :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eJoomla! version 1.5.6 et versions  pr\u00e9c\u00e9dentes.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans JRequest permet de modifier des variables et, par\nexemple, d\u0027injecter des caract\u00e8res non d\u00e9sir\u00e9s.\n\nUn d\u00e9faut dans le g\u00e9n\u00e9rateur de nombres al\u00e9atoires permet de deviner les\nmots de passe et les jetons cr\u00e9\u00e9s par l\u0027application.\n\nDeux vuln\u00e9rabilit\u00e9s permettent l\u0027envoi de pourriel et la redirection\nvers des sites malveillants.\n\n## Solution\n\nLa version 1.5.7 corrige ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4103"
    },
    {
      "name": "CVE-2008-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4104"
    },
    {
      "name": "CVE-2008-4102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4102"
    },
    {
      "name": "CVE-2008-4105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4105"
    }
  ],
  "links": [
    {
      "title": "Site du projet Joomla! :",
      "url": "http://www.joomla.org"
    }
  ],
  "reference": "CERTA-2008-AVI-456",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2008-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le logiciel Joomla!. Elles permettent\nde contourner la politique de s\u00e9curit\u00e9 ou de porter atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de Joomla!",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Joomla! du 09 septembre 2008",
      "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
    }
  ]
}

CERTA-2008-AVI-456

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectent le logiciel Joomla!. Elles permettent de contourner la politique de sécurité ou de porter atteinte à l'intégrité des données.

Description

Une vulnérabilité dans JRequest permet de modifier des variables et, par exemple, d'injecter des caractères non désirés.

Un défaut dans le générateur de nombres aléatoires permet de deviner les mots de passe et les jetons créés par l'application.

Deux vulnérabilités permettent l'envoi de pourriel et la redirection vers des sites malveillants.

Solution

La version 1.5.7 corrige ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Joomla! version 1.5.6 et versions précédentes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Joomla! du 09 septembre 2008	None	vendor-advisory
Site du projet Joomla! :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eJoomla! version 1.5.6 et versions  pr\u00e9c\u00e9dentes.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans JRequest permet de modifier des variables et, par\nexemple, d\u0027injecter des caract\u00e8res non d\u00e9sir\u00e9s.\n\nUn d\u00e9faut dans le g\u00e9n\u00e9rateur de nombres al\u00e9atoires permet de deviner les\nmots de passe et les jetons cr\u00e9\u00e9s par l\u0027application.\n\nDeux vuln\u00e9rabilit\u00e9s permettent l\u0027envoi de pourriel et la redirection\nvers des sites malveillants.\n\n## Solution\n\nLa version 1.5.7 corrige ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4103"
    },
    {
      "name": "CVE-2008-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4104"
    },
    {
      "name": "CVE-2008-4102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4102"
    },
    {
      "name": "CVE-2008-4105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4105"
    }
  ],
  "links": [
    {
      "title": "Site du projet Joomla! :",
      "url": "http://www.joomla.org"
    }
  ],
  "reference": "CERTA-2008-AVI-456",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2008-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le logiciel Joomla!. Elles permettent\nde contourner la politique de s\u00e9curit\u00e9 ou de porter atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de Joomla!",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Joomla! du 09 septembre 2008",
      "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
    }
  ]
}

GSD-2008-4104

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

Aliases

CVE-2008-4104

Aliases

CVE-2008-4104

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4104",
    "description": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL.",
    "id": "GSD-2008-4104"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4104"
      ],
      "details": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL.",
      "id": "GSD-2008-4104",
      "modified": "2023-12-13T01:22:59.922949Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4104",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "joomla-url-phishing(45071)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
          },
          {
            "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
          },
          {
            "name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
            "refsource": "CONFIRM",
            "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
          },
          {
            "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
          },
          {
            "name": "4275",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4275"
          },
          {
            "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4104"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            },
            {
              "name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
            },
            {
              "name": "4275",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4275"
            },
            {
              "name": "joomla-url-phishing(45071)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:32Z",
      "publishedDate": "2008-09-18T17:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4104 (GCVE-0-2008-4104)

FKIE_CVE-2008-4104

GHSA-9QR2-FX2G-PFVH

CERTA-2008-AVI-456

Description

Solution

CERTA-2008-AVI-456

Description

Solution

GSD-2008-4104

Tags

Sightings

Nomenclature