Cross-Site Request Forgery Vulnerability in Akamai Client by Akamai Technologies
CVE-2008-1106

Currently unrated

Key Information:

Vendor: Akamai Technologies
Status: Client
Vendor: CVE Published:; 9 June 2008

🔔 Create Akamai Technologies Vulnerability Alert

What is CVE-2008-1106?

The Akamai Client software (formerly Red Swoosh) contains a vulnerability in its management interface that allows remote attackers to bypass authentication mechanisms. Exploitation can occur through an HTTP request either lacking a Referer header or utilizing a spoofed Referer header that appears to come from an approved domain. This vulnerability enables attackers to execute Cross-Site Request Forgery attacks, potentially forcing the client to download and execute arbitrary files, compromising user security and system integrity.

References

http://www.securityfocus.com/archive/1/493170/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/42895

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2008/1761/references

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2008
Vulnerability Reserved
Feb 29, 2008