← back
CVE-2007-3420

CVE-2007-3420

EPSS 1.1%
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/45401http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip