Vulnerabilities > CVE-2007-2233 - Cross-Site Request Forgery vulnerability in Cosign

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cosign

exploit available

NVD

Published: 2007-04-25

Updated: 2018-10-16

Summary

cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

Vulnerable Configurations

Part	Description	Count
Application	Cosign Cosign Cosign 0.7.0 Cosign Cosign 0.8.0 Cosign Cosign 0.9.0 Cosign Cosign 1.0 Cosign Cosign 1.1 Cosign Cosign 1.5 Cosign Cosign 1.6 Cosign Cosign 1.7 Cosign Cosign 1.8 Cosign Cosign 1.8.5 Cosign Cosign 1.9 Cosign Cosign 2.0.1 Cosign Cosign 2.0.2	13

Exploit-Db

description	Cosign 2.0.1/2.9.4a CGI Register Command Remote Authentication Bypass Vulnerability. CVE-2007-2233. Webapps exploit for cgi platform
id	EDB-ID:29844
last seen	2016-02-03
modified	2007-04-11
published	2007-04-11
reporter	Jon Oberheide
source	https://www.exploit-db.com/download/29844/
title	Cosign 2.0.1/2.9.4a CGI Register Command Remote Authentication Bypass Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References