PublicDate: 2006-08-31 01:04:00 UTC
Candidate: CVE-2006-4244
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4244
Description:
 SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the
 value of the sql-ledger-[username] cookie matches the value of the sessionid
 parameter, which allows remote attackers to gain access as any logged-in user
 by setting the cookie and the parameter to the same value.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
Bugs:

dapper_sql-ledger: ignored (reached end-of-life)
edgy_sql-ledger: released (2.6.19-1)
feisty_sql-ledger: released (2.6.19-1)
gutsy_sql-ledger: released (2.6.19-1)
hardy_sql-ledger: released (2.6.19-1)
intrepid_sql-ledger: released (2.6.19-1)
jaunty_sql-ledger: released (2.6.19-1)
karmic_sql-ledger: released (2.6.19-1)
devel_sql-ledger: released (2.6.19-1)
upstream_sql-ledger: needs-triage