CVE-2008-6440

Description

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.

Affected products

• Cerberus / cerberus_helpdesk2.5 – 2.5
• webgroupmedia / cerberus_helpdesk3.3
• webgroupmedia / cerberus_helpdesk0.97.3 – 0.97.3
• webgroupmedia / cerberus_helpdesk2.0 – 2.0
• webgroupmedia / cerberus_helpdesk2.1 – 2.1
• webgroupmedia / cerberus_helpdesk2.2 – 2.2
• webgroupmedia / cerberus_helpdesk2.3 – 2.3
• webgroupmedia / cerberus_helpdesk2.4 – 2.4
• webgroupmedia / cerberus_helpdesk2.6.1 – 2.6.1
• webgroupmedia / cerberus_helpdesk2.7 – 2.7
• webgroupmedia / cerberus_helpdesk2.7.1 – 2.7.1
• webgroupmedia / cerberus_helpdesk2.649 – 2.649
• webgroupmedia / cerberus_helpdesk3.2 – 3.2
• webgroupmedia / cerberus_helpdesk3.2.1 – 3.2.1

References

• MISChttp://www.securityfocus.com/bid/29335
• VENDOR_ADVISORYhttp://secunia.com/advisories/30344
• MISChttp://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/