CVE-2008-6540 (GCVE-0-2008-6540)

Vulnerability from cvelistv5 – Published: 2009-03-30 01:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.dotnetnuke.com/News/SecurityBulletins/… x_refsource_CONFIRM
http://www.securityfocus.com/bid/28391 vdb-entryx_refsource_BID
http://secunia.com/advisories/29488 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/489957/100… mailing-listx_refsource_BUGTRAQ
http://osvdb.org/43720 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:34:46.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "dotnetnuke-webconfig-weak-security(41399)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41399"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx"
          },
          {
            "name": "28391",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28391"
          },
          {
            "name": "29488",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29488"
          },
          {
            "name": "20080321 DotNetNuke Default Machine Key Exposure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489957/100/0/threaded"
          },
          {
            "name": "43720",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/43720"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "dotnetnuke-webconfig-weak-security(41399)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41399"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx"
        },
        {
          "name": "28391",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28391"
        },
        {
          "name": "29488",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29488"
        },
        {
          "name": "20080321 DotNetNuke Default Machine Key Exposure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489957/100/0/threaded"
        },
        {
          "name": "43720",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/43720"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "dotnetnuke-webconfig-weak-security(41399)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41399"
            },
            {
              "name": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx",
              "refsource": "CONFIRM",
              "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx"
            },
            {
              "name": "28391",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28391"
            },
            {
              "name": "29488",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29488"
            },
            {
              "name": "20080321 DotNetNuke Default Machine Key Exposure",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489957/100/0/threaded"
            },
            {
              "name": "43720",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/43720"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6540",
    "datePublished": "2009-03-30T01:00:00",
    "dateReserved": "2009-03-29T00:00:00",
    "dateUpdated": "2024-08-07T11:34:46.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.8.1\", \"matchCriteriaId\": \"EFFBB6F1-D566-4D0D-B8F2-F8817D3DB7CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4300BB9D-1A72-4005-AA68-35DB57A551E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"797726FF-24E9-415A-AC8B-2AE3301F8824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC6BB8DE-9497-42D7-A29D-BCAC75337A96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54AB8E47-5484-4449-88BA-90F0CCED285A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B111556A-56AC-413C-A1B7-D973492BA8F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE94AE61-4CA4-48B5-BB08-D808CF750CFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7863328-514C-4885-B5DD-5E04503962E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"750F735B-1419-4FCF-84F0-05E13608B73D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF8EC31D-9C28-46D7-83C6-9720AA0DBC1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81D4BDCE-EF83-48E2-BDC7-F6F6CE5CE51F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2A5E7E9-4530-4CA9-BD61-4A22D17A898F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7DEB2BD-8543-4408-B96E-616AFEBEEB12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:3.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72A73BE5-6668-484E-8E7C-16E839E98882\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31D0AA24-9FA3-4AFD-920A-295898473918\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:4.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34AF4B04-B86C-4BD0-94D9-3157AC55E542\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68F28416-0ABF-4B2F-87A4-C4EC4D0CA227\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.\"}, {\"lang\": \"es\", \"value\": \"DotNetNuke anteriores a v4.8.2, durante la instalaci\\u00f3n o actualizaci\\u00f3n, no avisan al administrador que los valores (1) ValidationKey y (2) DecryptionKey  no pueden ser modificados  en el fichero web.config, lo que permite a atacantes remotos saltarse las restricciones de intento de acceso utilizando las claves por defecto.\\r\\n\"}]",
      "id": "CVE-2008-6540",
      "lastModified": "2024-11-21T00:56:47.863",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-03-30T01:30:00.327",
      "references": "[{\"url\": \"http://osvdb.org/43720\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29488\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/489957/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28391\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41399\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/43720\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29488\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/489957/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28391\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41399\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-6540\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-30T01:30:00.327\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.\"},{\"lang\":\"es\",\"value\":\"DotNetNuke anteriores a v4.8.2, durante la instalaci\u00f3n o actualizaci\u00f3n, no avisan al administrador que los valores (1) ValidationKey y (2) DecryptionKey  no pueden ser modificados  en el fichero web.config, lo que permite a atacantes remotos saltarse las restricciones de intento de acceso utilizando las claves por defecto.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.8.1\",\"matchCriteriaId\":\"EFFBB6F1-D566-4D0D-B8F2-F8817D3DB7CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4300BB9D-1A72-4005-AA68-35DB57A551E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797726FF-24E9-415A-AC8B-2AE3301F8824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6BB8DE-9497-42D7-A29D-BCAC75337A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54AB8E47-5484-4449-88BA-90F0CCED285A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B111556A-56AC-413C-A1B7-D973492BA8F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE94AE61-4CA4-48B5-BB08-D808CF750CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7863328-514C-4885-B5DD-5E04503962E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"750F735B-1419-4FCF-84F0-05E13608B73D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8EC31D-9C28-46D7-83C6-9720AA0DBC1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81D4BDCE-EF83-48E2-BDC7-F6F6CE5CE51F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2A5E7E9-4530-4CA9-BD61-4A22D17A898F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DEB2BD-8543-4408-B96E-616AFEBEEB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A73BE5-6668-484E-8E7C-16E839E98882\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31D0AA24-9FA3-4AFD-920A-295898473918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:4.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34AF4B04-B86C-4BD0-94D9-3157AC55E542\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68F28416-0ABF-4B2F-87A4-C4EC4D0CA227\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/43720\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29488\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489957/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28391\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41399\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/43720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29488\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489957/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41399\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.