CVE-2008-1106

Akamai Client <3322 - CSRF

Title source: llm

Description

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

References (8)

[Patch, Vendor Advisory] http://secunia.com/advisories/30135

[Vendor Advisory] http://secunia.com/secunia_research/2008-19/advisory/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/493169/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42895

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/493170/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020208

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1761/references

[Third Party Advisory] http://securityreason.com/securityalert/3930

Scores

EPSS 0.0010

EPSS Percentile 28.5%

Classification

CWE

CWE-287 CWE-352

Status draft

Affected Products (2)

akamai_technologies/client < 3322

red_swoosh/client < 3322

Timeline

Published Jun 09, 2008

Tracked Since Feb 18, 2026