7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.7%
OpenCA contains a cross site request forgery (XSRF) vulnerability that may allow an attacker to leverage an administrator’s creditials to exectue activities on the Certification Authority.
The OpenCA PKI Development Project\t is an open source out-of-the-box Certification Authority (CA). OpenCA includes various web forms for executing requests and other activities on the CA such as digital certificate issuance. A cross site request forgery (XSRF) vulnerability exists in the way OpenCA processes requests executed via various forms. By manipulating an administrator who is authenticated to the CA via a session cookie to follow a tag that contains CA commands, an attacker may be able to successfully execute the commands on the CA.
An authenticated user can be manipulated into executing activities on the CA - such as digital certificate issuance - without knowledge or consent.
This vulnerability has been addressed in Security Advisory AKLINK-SA-2008-001.
264385
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 15, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This vulnerability has been addressed in Security Advisory AKLINK-SA-2008-001.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23264385 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Alexander Klink of Cynops GmbH.
This document was written by Joseph W. Pruszynski.
CVE IDs: | CVE-2008-0556 |
---|---|
Severity Metric: | 2.39 Date Public: |