← voltar
CVE-2014-8684

CVE-2014-8684

EPSS 71.5%
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
Produtos afetados
n/a · n/a
PoCs públicas encontradas2
cve_referencepacketstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/36264não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.htmlhttp://seclists.org/fulldisclosure/2014/May/54https://github.com/kohana/core/pull/492https://scott.arciszewski.me/research/full/php-framework-timing-attacks-object-injection