Unrated severityNVD Advisory· Published Jun 9, 2008· Updated Apr 23, 2026

CVE-2008-1106

Description

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

Affected products

Akamai Technologies/Client
cpe:2.3:a:akamai_technologies:client:*:*:*:*:*:*:*:*
Range: <=3322
Red Swoosh/Client
cpe:2.3:a:red_swoosh:client:*:*:*:*:*:*:*:*
Range: <=3322

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/30135nvdPatchVendor Advisory
secunia.com/secunia_research/2008-19/advisory/nvdVendor Advisory
securityreason.com/securityalert/3930nvd
www.securityfocus.com/archive/1/493169/100/0/threadednvd
www.securityfocus.com/archive/1/493170/100/0/threadednvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2008/1761/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/42895nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000