CVE-2008-3494

8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/31391
http://www.securityfocus.com/archive/1/495117/100/0/threaded
http://www.securityfocus.com/bid/30541	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44238
http://secunia.com/advisories/31391
http://www.securityfocus.com/archive/1/495117/100/0/threaded
http://www.securityfocus.com/bid/30541	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44238

Configurations

Configuration 1 (hide)

cpe:2.3:a:8e6:r3000_internet_filter:2.0.12.10:*:*:*:*:*:*:*

History

21 Nov 2024, 00:49

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/31391 -~~	() http://secunia.com/advisories/31391 -
References	~~() http://www.securityfocus.com/archive/1/495117/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/495117/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/30541 - Exploit~~	() http://www.securityfocus.com/bid/30541 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/44238 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/44238 -

Information

Published : 2008-08-06 18:41

Updated : 2025-04-09 00:30

NVD link : CVE-2008-3494

Mitre link : CVE-2008-3494

CVE.ORG link : CVE-2008-3494

JSON object : View

Products Affected

8e6

r3000_internet_filter

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-3494", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-06T18:41:00.000", "references": [{"url": "http://secunia.com/advisories/31391", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/495117/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30541", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44238", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31391", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/495117/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30541", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44238", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header."}, {"lang": "es", "value": "8e6 R3000 Internet Filter 2.0.12.10 permite a atacantes remotos evitar restricciones previstas a trav\u00e9s de una cabecera Host HTTP extra con texto adicional colocado antes que la cabecera Host real."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:8e6:r3000_internet_filter:2.0.12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75891E57-3807-48F9-AC4D-8A9C0A9D5D29"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.8 /10