CVE-2008-5742 - OpenCVE

Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netcat	Netcat

Configuration 1 [-]

OR	cpe:2.3:a:netcat:netcat::::::::
	cpe:2.3:a:netcat:netcat:1.1:::::::*
	cpe:2.3:a:netcat:netcat:2.0:::::::*
	cpe:2.3:a:netcat:netcat:2.1:::::::*
	cpe:2.3:a:netcat:netcat:2.2:::::::*
	cpe:2.3:a:netcat:netcat:2.3:::::::*
	cpe:2.3:a:netcat:netcat:2.4:::::::*
	cpe:2.3:a:netcat:netcat:3.0:::::::*

No data.

References

Link	Providers
http://securityreason.com/securityalert/4819
http://www.securityfocus.com/bid/32992
https://www.exploit-db.com/exploits/7560

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-26T20:00:00

Updated: 2024-08-07T11:04:44.420Z

Reserved: 2008-12-26T00:00:00

Link: CVE-2008-5742

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-26T20:30:00.360

Modified: 2017-09-29T01:32:46.620

Link: CVE-2008-5742

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an \"HTTP Response Splitting\" section in the original disclosure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4819", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4819"}, {"name": "7560", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7560"}, {"name": "32992", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32992"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5742", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an \"HTTP Response Splitting\" section in the original disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4819", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4819"}, {"name": "7560", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7560"}, {"name": "32992", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32992"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.420Z"}, "title": "CVE Program Container", "references": [{"name": "4819", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4819"}, {"name": "7560", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7560"}, {"name": "32992", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32992"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5742", "datePublished": "2008-12-26T20:00:00", "dateReserved": "2008-12-26T00:00:00", "dateUpdated": "2024-08-07T11:04:44.420Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netcat:netcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AEB2D63-CC6D-4A4E-B74F-05ED07069920", "versionEndIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B63CEAE5-9423-4CBA-A493-D5EC71441857", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B52E6C38-426E-49F4-9BA7-CF83ACDB97D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A988705-A606-4AA2-8753-3F95226CDCE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "894816D2-6D9F-4417-B67D-141A5D4B66B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C3740EA-278A-45ED-879D-FB8B25394F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "604479AA-BA7C-4793-A6D5-E7DEA5D7461F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netcat:netcat:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "07F9D73E-1A8D-4863-9A4C-3B650175206C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an \"HTTP Response Splitting\" section in the original disclosure."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en AIST NetCat 3.12 y anteriores permite a atacantes remotos redirigir usuarios a sitios web de su elecci\u00f3n y llevar a cabo ataques de phishing mediante (1) el par\u00e1metro redirect en una acci\u00f3n de logoff a modules/auth/index.php o (2) el par\u00e1metro url a modules/linkmanager/redirect.php. NOTA: esto se report\u00f3 en una secci\u00f3n \"Separaci\u00f3n de Respuesta HTTP\" en el momento que se mostr\u00f3 el original."}], "id": "CVE-2008-5742", "lastModified": "2017-09-29T01:32:46.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-12-26T20:30:00.360", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4819"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32992"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7560"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}