This host is running aflog and is prone to a cookie-based authentication bypass vulnerability.
Exploitation will allow an attacker to gain administrative access and bypass authentication. Impact Level: System
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. For updates refer to http://www.aflog.org/
The flaw is due to inadequate verification of user-supplied input used for cookie-based authentication: setting the aflog_auth_a cookie to 'A' or 'O' bypasses authentication in edit_delete.php, edit_cat.php, edit_lock.php, and edit_form.php.
aflog versions 1.01 and prior, on all platforms
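The cookie check described above, contrasted with a server-side session check, as an added PHP illustration that is not aflog's source code. The function names and session keys are hypothetical; only the cookie name and the values 'A' and 'O' come from the advisory.

```php
<?php
// Added illustration; NOT aflog's source. Function names and session keys are hypothetical.

// Weak pattern: the decision is read straight from a cookie the browser controls,
// so any client that sends aflog_auth_a=A (or O) passes the check.
function is_editor_weak(array $cookies): bool
{
    $value = $cookies['aflog_auth_a'] ?? '';
    return $value === 'A' || $value === 'O';
}

// Hardened pattern: the decision uses server-side session state that is only
// written after a successful password check; the cookie value is ignored.
function is_editor_hardened(array $session): bool
{
    return ($session['authenticated'] ?? false) === true
        && in_array($session['level'] ?? '', ['A', 'O'], true);
}

// Called once by the login handler after password_verify() has succeeded.
function establish_session(string $level): void
{
    session_regenerate_id(true);          // new session id, blocks fixation
    $_SESSION['authenticated'] = true;
    $_SESSION['level'] = $level;
}

// Guard to call at the top of each edit_*.php script.
function require_editor(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,
            'cookie_samesite' => 'Strict',
            'use_strict_mode' => true,
        ]);
    }
    if (!is_editor_hardened($_SESSION)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sample: a request that carries only a client-set cookie.
$clientCookies = ['aflog_auth_a' => 'A'];
var_dump(is_editor_weak($clientCookies));  // weak check accepts the cookie alone
var_dump(is_editor_hardened([]));          // hardened check needs a logged-in session
```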
Updated on 2017-03-28