CVE-2008-2134

Tru-Zone Nuke ET 3.x - Arbitrary Account Access via Journal Module Cookie Manipulation

Title source: llm
STIX 2.1

Description

The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30061
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29080
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42239

Scores

EPSS 0.0120
EPSS Percentile 64.6%

Details

CWE
CWE-20
Status published
Products (6)
tru-zone/nukeet 3.0
tru-zone/nukeet 3.1
tru-zone/nukeet 3.2
tru-zone/nukeet 3.3
tru-zone/nukeet 3.4
tru-zone/nukeet 3.9
Published May 09, 2008
Tracked Since Feb 18, 2026