CVE-2008-3375
Published: 2008-07-30
Priority: P3 · 57 · high
CVSS 2.0 base score: 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P (network-reachable, low complexity, no authentication required; partial confidentiality, integrity and availability impact)
Tags: EXPLOIT
EPSS: 3.56% (87.9th percentile)
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
Affected (the page lists 68 ranges; only the first carries version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jamroom | jamroom | <= 3.3.8 | 3.4.0 |
Detection & IOCs
- Monitor HTTP requests carrying a JMU_Cookie cookie whose (URL-decoded) value is serialized PHP data containing a boolean (`b:1;` or `b:0;`); a boolean placed inside that cookie is the mechanism used to bypass authentication in the jrCookie function.
- Flag any unauthenticated or low-privilege session that suddenly gains administrative access in JamRoom versions before 3.4.0, since successful exploitation grants full admin rights.
- The vulnerable code path is the jrCookie function in includes/jamroom-misc.inc.php; 3.4.0 and later are not affected. Confirm the target is running a vulnerable version (3.3.8 or earlier) before treating a detection as a true positive.
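The first detection bullet above can be turned into a request-level check. The following is an added example written for this page; it is not JamRoom code and not taken from any of the linked advisories. It parses the PHP serialize() format just far enough to walk arrays and report any boolean nested anywhere in the JMU_Cookie value, which is more robust than grepping for `b:1;` (a legitimate string field could contain those bytes). The cookie field names (`user_id`, `user_hash`) and the sample requests are constructed for illustration; the page does not document the real cookie layout. As background, PHP compares a boolean `true` loosely equal to any non-empty string, which is why a boolean substituted for a credential can satisfy an `==` check; the page does not show jrCookie's actual comparison, so treat that as the generic mechanism, not a statement about the code.

```python
"""Flag HTTP requests whose JMU_Cookie carries a PHP-serialized boolean.

Added example for CVE-2008-3375 detection; not JamRoom's code. The cookie
field names and sample traffic below are constructed, not captured.
"""
import re
from urllib.parse import quote, unquote


def php_unserialize(data: str):
    """Minimal PHP serialize() reader: N, b, i, d, s and a (arrays)."""
    value, pos = _parse(data, 0)
    if pos != len(data):
        raise ValueError(f"trailing data at offset {pos}")
    return value


def _parse(data: str, pos: int):
    tag = data[pos]
    if tag == "N":                                  # N;
        return None, pos + 2
    if tag in "bid":                                # b:1;  i:42;  d:1.5;
        end = data.index(";", pos)
        raw = data[pos + 2:end]
        conv = {"b": lambda r: r == "1", "i": int, "d": float}[tag]
        return conv(raw), end + 1
    if tag == "s":                                  # s:5:"hello";
        colon = data.index(":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                           # skip :"
        text = data[start:start + length]
        if data[start + length:start + length + 2] != '";':
            raise ValueError(f"bad string terminator at {start + length}")
        return text, start + length + 2
    if tag == "a":                                  # a:2:{key;value;...}
        colon = data.index(":", pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                             # skip :{
        result = {}
        for _ in range(count):
            key, pos = _parse(data, pos)
            val, pos = _parse(data, pos)
            result[key] = val
        if data[pos] != "}":
            raise ValueError(f"expected }} at {pos}")
        return result, pos + 1
    raise ValueError(f"unsupported tag {tag!r} at {pos}")


def find_booleans(value, path="$"):
    """Yield (path, bool) for every boolean nested anywhere in a parsed value."""
    if isinstance(value, bool):                     # check before int: bool is an int subclass
        yield path, value
    elif isinstance(value, dict):
        for key, val in value.items():
            yield from find_booleans(val, f"{path}[{key!r}]")


COOKIE_RE = re.compile(r"(?:^|;\s*)JMU_Cookie=([^;]*)")


def inspect_request(raw_request: str):
    """Return (suspicious, reason) for one raw HTTP request text."""
    header = re.search(r"^Cookie:\s*(.*)$", raw_request, re.M)
    if not header:
        return False, "no Cookie header"
    match = COOKIE_RE.search(header.group(1).strip())
    if not match:
        return False, "no JMU_Cookie"
    blob = unquote(match.group(1))
    try:
        parsed = php_unserialize(blob)
    except (ValueError, IndexError, KeyError):
        # A tampered cookie may also simply be malformed; surface it for review.
        return True, "JMU_Cookie is not well-formed serialized PHP"
    hits = list(find_booleans(parsed))
    if hits:
        return True, "serialized boolean at " + ", ".join(p for p, _ in hits)
    return False, "no boolean in JMU_Cookie"


# Constructed sample cookies (assumed field layout, not JamRoom's real one).
LEGIT = 'a:2:{s:7:"user_id";i:42;s:9:"user_hash";s:32:"0123456789abcdef0123456789abcdef";}'
ATTACK = 'a:2:{s:7:"user_id";i:1;s:9:"user_hash";b:1;}'

SAMPLE_REQUESTS = [
    "GET /index.php HTTP/1.1\r\nHost: jamroom.example\r\n"
    "Cookie: PHPSESSID=abc123; JMU_Cookie=" + quote(LEGIT) + "\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: jamroom.example\r\n"
    "Cookie: JMU_Cookie=" + quote(ATTACK) + "; theme=dark\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: jamroom.example\r\n\r\n",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(inspect_request(req))
```

The parser deliberately rejects trailing bytes and bad string terminators instead of silently accepting them, and a malformed cookie is reported rather than ignored, since an attacker hand-crafting serialized data is a plausible source of malformed values. Pair the check with the version condition in the third bullet before raising an alert.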
No detection rules found.
No writeups or analysis indexed.
References
- http://secunia.com/advisories/31249
- http://securityreason.com/securityalert/4069
- http://www.gulftech.org/?node=research&article_id=00117-07282008
- http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1178
- http://www.jamroom.net/phpBB2/viewtopic.php?t=24454
- http://www.securityfocus.com/archive/1/494820/100/0/threaded
- http://www.securityfocus.com/bid/30406
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44048