CVE-2004-2443

EPSS 8.8%

Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/24256unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html http://securitytracker.com/id?1010651 https://exchange.xforce.ibmcloud.com/vulnerabilities/16622 http://www.osvdb.org/7724 http://www.securityfocus.com/bid/10670