What is CVE-2014-8684?

CVE-2014-8684 is a critical-severity vulnerability in Codeigniter, classified under Cryptographic Issues. CVSS score: 9.8/10. Published 2017-09-19.

How severe is CVE-2014-8684?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2014-8684 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Codeigniter

CVE-2014-8684

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.715 (99.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Codeigniter
Kohanaframework Kohana — versions 3.2.3, 3.3.0, 3.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (Third Party Advisory, x_refsource_MISC)
cve@mitre.org (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-8684?: CVE-2014-8684 is a critical-severity vulnerability in Codeigniter, classified under Cryptographic Issues. CVSS score: 9.8/10. Published 2017-09-19.
How severe is CVE-2014-8684?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2014-8684 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.