CVE-2008-5742 - Vulnerability Details - OpenCVE

Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01158.

Key SSVC decision points have not yet been added.

Vendors	Products
Netcat	Netcat

Configuration 1 [-]

OR	cpe:2.3:a:netcat:netcat::::::::
	cpe:2.3:a:netcat:netcat:1.1:::::::*
	cpe:2.3:a:netcat:netcat:2.0:::::::*
	cpe:2.3:a:netcat:netcat:2.1:::::::*
	cpe:2.3:a:netcat:netcat:2.2:::::::*
	cpe:2.3:a:netcat:netcat:2.3:::::::*
	cpe:2.3:a:netcat:netcat:2.4:::::::*
	cpe:2.3:a:netcat:netcat:3.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-5712	Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://securityreason.com/securityalert/4819
http://www.securityfocus.com/bid/32992
https://www.exploit-db.com/exploits/7560

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-26T20:00:00

Updated: 2024-08-07T11:04:44.420Z

Reserved: 2008-12-26T00:00:00

Link: CVE-2008-5742

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-12-26T20:30:00.360

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5742

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an \"HTTP Response Splitting\" section in the original disclosure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4819", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4819"}, {"name": "7560", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7560"}, {"name": "32992", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32992"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5742", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an \"HTTP Response Splitting\" section in the original disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4819", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4819"}, {"name": "7560", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7560"}, {"name": "32992", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32992"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.420Z"}, "title": "CVE Program Container", "references": [{"name": "4819", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4819"}, {"name": "7560", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7560"}, {"name": "32992", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32992"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5742", "datePublished": "2008-12-26T20:00:00", "dateReserved": "2008-12-26T00:00:00", "dateUpdated": "2024-08-07T11:04:44.420Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netcat:netcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AEB2D63-CC6D-4A4E-B74F-05ED07069920", "versionEndIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B63CEAE5-9423-4CBA-A493-D5EC71441857", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B52E6C38-426E-49F4-9BA7-CF83ACDB97D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A988705-A606-4AA2-8753-3F95226CDCE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "894816D2-6D9F-4417-B67D-141A5D4B66B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C3740EA-278A-45ED-879D-FB8B25394F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "604479AA-BA7C-4793-A6D5-E7DEA5D7461F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "07F9D73E-1A8D-4863-9A4C-3B650175206C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an \"HTTP Response Splitting\" section in the original disclosure."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en AIST NetCat 3.12 y anteriores permite a atacantes remotos redirigir usuarios a sitios web de su elecci\u00f3n y llevar a cabo ataques de phishing mediante (1) el par\u00e1metro redirect en una acci\u00f3n de logoff a modules/auth/index.php o (2) el par\u00e1metro url a modules/linkmanager/redirect.php. NOTA: esto se report\u00f3 en una secci\u00f3n \"Separaci\u00f3n de Respuesta HTTP\" en el momento que se mostr\u00f3 el original."}], "id": "CVE-2008-5742", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-12-26T20:30:00.360", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4819"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32992"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4819"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32992"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7560"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}