CVE-2008-6440
Cerberus Helpdesk < 4.0 Build 600 - Unauthenticated Sensitive Information Exposure via Direct Controller Requests
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
References (3)
http://www.securityfocus.com/bid/29335 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://secunia.com/advisories/30344 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/ (Vendor Advisory; x_refsource_confirm)
Scores
EPSS: 0.0116
EPSS Percentile: 63.1%
Details
CWE: CWE-287
Status: published
Products (14)
cerberus/cerberus_helpdesk 2.5
webgroupmedia/cerberus_helpdesk 0.97.3
webgroupmedia/cerberus_helpdesk 2.0
webgroupmedia/cerberus_helpdesk 2.1
webgroupmedia/cerberus_helpdesk 2.2
webgroupmedia/cerberus_helpdesk 2.3
webgroupmedia/cerberus_helpdesk 2.4
webgroupmedia/cerberus_helpdesk 2.6.1
webgroupmedia/cerberus_helpdesk 2.7
webgroupmedia/cerberus_helpdesk 2.7.1 development_release
... and 4 more
Published: Mar 06, 2009
Tracked Since: Feb 18, 2026