CVE-2016-2049 - OpenCVE

examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Janrain	Php-openid

Configuration 1 [-]

cpe:2.3:a:janrain:php-openid:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2016/01/24/2
http://www.openwall.com/lists/oss-security/2016/01/24/5

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-02-01T21:00:00

Updated: 2024-08-05T23:17:49.988Z

Reserved: 2016-01-24T00:00:00

Link: CVE-2016-2049

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2016-02-01T21:59:03.987

Modified: 2016-03-04T17:59:17.717

Link: CVE-2016-2049

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-02-01T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160124 Re: CVE Request: Host based account hijack attack on php-openid", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/5"}, {"name": "[oss-security] 20160124 CVE Request: Host based account hijack attack on php-openid", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2049", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160124 Re: CVE Request: Host based account hijack attack on php-openid", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/24/5"}, {"name": "[oss-security] 20160124 CVE Request: Host based account hijack attack on php-openid", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/24/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:17:49.988Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20160124 Re: CVE Request: Host based account hijack attack on php-openid", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/5"}, {"name": "[oss-security] 20160124 CVE Request: Host based account hijack attack on php-openid", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2049", "datePublished": "2016-02-01T21:00:00", "dateReserved": "2016-01-24T00:00:00", "dateUpdated": "2024-08-05T23:17:49.988Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:janrain:php-openid:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE4A34AB-37BD-471A-A3B8-591D000C5A4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header."}, {"lang": "es", "value": "examples/consumer/common.php en la librer\u00eda JanRain PHP OpenID (tambi\u00e9n conocida como php-openid) verifica incorrectamente el par\u00e1metro openid.realm contra el elemento SERVER_NAME en el array superglobal SERVER, lo que podr\u00eda permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios a trav\u00e9s de vectores implicando una cabecera HTTP Host manipulada."}], "id": "CVE-2016-2049", "lastModified": "2016-03-04T17:59:17.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-01T21:59:03.987", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/24/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/24/5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}