NVD

Id
62505  
Name
CVE-2006-3837  
Description
delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie"s value, which makes it easier for attackers to steal the cookie and obtain the administrator"s password hash after logout.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2016-12-20  
Published
2006-07-25  
Modified Date
2008-09-05  
Seq
2006-3837  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
324720 62505 CVE-2006-3837 http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt  View
324721 62505 CVE-2006-3837 1275  View
324722 62505 CVE-2006-3837 20060717 Professional PHP Tools Guestbook Multiple Vulnerabilities  View
324723 62505 CVE-2006-3837 phptguestbook-setcookie-insecure-cookie(27775)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
60638 JVNDB-2006-002904 Professional Home Page Tools Guestbook の delcookie.php における管理者のパスワードハッシュを取得され脆弱性 Professional Home Page Tools Guestbook の delcookie.php は、クッキー値を削除する代わりにクッキーの有効期限を変更されるため、クッキーを盗まれる、およびログアウト後に管理者のパスワードハッシュを取得される脆弱性が存在します。 CVE-2006-3837 19939 CVE-2006-3837 62505 5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-002904.html 2006-07-25 2012-12-20 View