CVE-2008-6440 - Vulnerability Details - OpenCVE

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cerberus	Cerberus Helpdesk
Webgroupmedia	Cerberus Helpdesk

Configuration 1 [-]

OR	cpe:2.3:a:cerberus:cerberus_helpdesk:2.5:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk::::::::
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:0.97.3:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.0:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.1:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.2:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.3:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.4:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.6.1:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.7:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.7.1:development_release::::::
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.649:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:3.2:::::::*
	cpe:2.3:a:webgroupmedia:cerberus_helpdesk:3.2.1:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/30344
http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/
http://www.securityfocus.com/bid/29335

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-06T18:00:00Z

Updated: 2024-09-16T21:07:47.057Z

Reserved: 2009-03-06T00:00:00Z

Link: CVE-2008-6440

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-03-06T18:30:00.703

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6440

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for \"controllers ... that aren't standard helpdesk pages,\" possibly involving the (1) /display and (2) /kb URIs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-03-06T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29335", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29335"}, {"name": "30344", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30344"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6440", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for \"controllers ... that aren't standard helpdesk pages,\" possibly involving the (1) /display and (2) /kb URIs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29335"}, {"name": "30344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30344"}, {"name": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/", "refsource": "CONFIRM", "url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:27:35.949Z"}, "title": "CVE Program Container", "references": [{"name": "29335", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29335"}, {"name": "30344", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30344"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6440", "datePublished": "2009-03-06T18:00:00Z", "dateReserved": "2009-03-06T00:00:00Z", "dateUpdated": "2024-09-16T21:07:47.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cerberus:cerberus_helpdesk:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C6F44C4-A739-455A-BCAB-31D451617E8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9C0B41F-159F-4CD9-B14A-314604EBF680", "versionEndIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A5F9D6D-3ED3-4E5A-A381-0C53407224D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B99D671F-2887-4224-8E0E-C45528071BAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1903F2F5-DB22-4CBA-86E7-D6E4482D762E", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7148995A-B65B-4223-878E-738086406C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C4093ACE-47A5-4D3A-8102-7B2A987A6D61", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3981BFBC-321D-47FD-92FA-A4AC2CC3B38E", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE71308B-ED33-4AB5-A8DC-1EFC6517E93F", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "EC3CA063-B7F7-4445-8603-39AA89105562", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.7.1:development_release:*:*:*:*:*:*", "matchCriteriaId": "2B88F76F-DD8B-4D51-9844-E4CBBA9E69EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:2.649:*:*:*:*:*:*:*", "matchCriteriaId": "5C335BB8-EAE8-41CF-80F5-55723B4A23B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF99B700-332F-4349-BA86-81E043595300", "vulnerable": true}, {"criteria": "cpe:2.3:a:webgroupmedia:cerberus_helpdesk:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2D4EA63-1513-417B-8465-0F3853ECCACF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for \"controllers ... that aren't standard helpdesk pages,\" possibly involving the (1) /display and (2) /kb URIs."}, {"lang": "es", "value": "Cerberus Helpdesk versiones anteriores a v4.0 (Build 600) permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de peticiones directas para \"controladores ... que no est\u00e1n en p\u00e1ginas est\u00e1ndar de ayuda,\" posiblemente envolviendo las URIs (1) /display y (2) /kb."}], "id": "CVE-2008-6440", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-06T18:30:00.703", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30344"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29335"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}