Jamroom Cookie Authentication Bypass Vulnerability and Multiple Unspecified Security Vulnerabilities
BID:30406
Info
| Bugtraq ID: | 30406 |
| Class: | Unknown |
| CVE: | CVE-2008-3376, CVE-2008-3375 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 28 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | James Bercegay of the GulfTech Security Research Team and the vendor are credited with discovering these vulnerabilities. |
| Vulnerable: | Jamroom Jamroom 3.3.8; Jamroom Jamroom 3.3.5; Jamroom Jamroom 3.0.16 |
| Not Vulnerable: | Jamroom Jamroom 3.4 |
Discussion
Jamroom is prone to fourteen security vulnerabilities, including an authentication-bypass vulnerability that occurs because the application fails to verify user-supplied data.
Very few technical details are available regarding the remaining security vulnerabilities. We will update this BID when more information is disclosed.
An attacker can exploit the authentication-bypass vulnerability to gain administrative access to the affected application; other attacks are also possible. Effects of the remaining security vulnerabilities are not currently known.
Exploit / POC
Attackers can exploit the authentication-bypass vulnerability with a browser.
The following exploit code is available:
Solution / Fix
Solution:
The vendor released Jamroom 3.4.0 to address these issues. Please see the references for more information.
- Jamroom Jamroom 3.0.16: Jamroom jamroom-3.4.0.zip, http://www.jamroom.net/index.php?m=td_download&o=download&file_id=43
- Jamroom Jamroom 3.3.5: Jamroom jamroom-3.4.0.zip, http://www.jamroom.net/index.php?m=td_download&o=download&file_id=43
- Jamroom Jamroom 3.3.8: Jamroom jamroom-3.4.0.zip, http://www.jamroom.net/index.php?m=td_download&o=download&file_id=43
References
References:
- Jamroom 3.4.0 has been released! (Jamroom)
- Jamroom Homepage (Jamroom)
- JamRoom <= 3.3.8 Authentication Bypass (GulfTech Security Research)