CVE-2008-6599 Information

Description

cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control which allows remote attackers to obtain session data via a direct request related to the \default session save path.\

Reference

http://code.google.com/p/cookiecheck/ http://code.google.com/p/cookiecheck/source/browse/patches/cookiecheck-1.0-security-fix-1.patch?spec=svn11&r=11 http://osvdb.org/48865 https://exchange.xforce.ibmcloud.com/vulnerabilities/49827