OpenCVE

Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla
Joompolitan	Com Livechat

Configuration 1 [-]

AND

cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*

cpe:2.3:a:joompolitan:com_livechat:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/32803
https://exchange.xforce.ibmcloud.com/vulnerabilities/47305
https://www.exploit-db.com/exploits/7441

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-30T19:00:00

Updated: 2024-08-07T11:49:02.082Z

Reserved: 2009-07-30T00:00:00

Link: CVE-2008-6882

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-07-30T19:30:00.297

Modified: 2024-11-21T00:57:42.560

Link: CVE-2008-6882

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32803", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32803"}, {"name": "livechat-xmlhttp-open-proxy(47305)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47305"}, {"name": "7441", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7441"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6882", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32803", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32803"}, {"name": "livechat-xmlhttp-open-proxy(47305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47305"}, {"name": "7441", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7441"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:49:02.082Z"}, "title": "CVE Program Container", "references": [{"name": "32803", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32803"}, {"name": "livechat-xmlhttp-open-proxy(47305)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47305"}, {"name": "7441", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7441"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6882", "datePublished": "2009-07-30T19:00:00", "dateReserved": "2009-07-30T00:00:00", "dateUpdated": "2024-08-07T11:49:02.082Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*", "matchCriteriaId": "E45D1087-8182-43A1-81BD-B0D5A535EC98", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:joompolitan:com_livechat:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E47D9C0E-C137-48DC-8B21-0ECBDFCCEC0D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string."}, {"lang": "es", "value": "Componente Live Chat (com_livechat) v1.0 para Joomla! permite a los atacantes remotos usar la secuencia de comandos xmlhttp.php como un proxy HTTP abierto para esconder una actividad de escaner de la red o un escaner de redes internas a trav\u00e9s de una petici\u00f3n GET con una URL completa en la pregunta."}], "id": "CVE-2008-6882", "lastModified": "2024-11-21T00:57:42.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-30T19:30:00.297", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32803"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47305"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7441"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}