Lucene search

[email protected]CVE-2008-0556

HistoryFeb 19, 2008 - 12:00 a.m.

CVE-2008-0556

2008-02-1900:00:00

CWE-352

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0556

cross-site request forgery

csrf

openca pki

raserver

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON

Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.

Affected configurations

NVD

Node

opencaopenca_pkiRange≤0.9.2.5

CPENameOperatorVersion
openca:openca_pkiopenca openca pkile0.9.2.5

CPE	Name	Operator	Version
openca:openca_pki	openca openca pki	le	0.9.2.5

References

lists.grok.org.uk/pipermail/full-disclosure/2008-February/060300.html

secunia.com/advisories/28951

securitytracker.com/id?1019426

www.kb.cert.org/vuls/id/264385

www.vupen.com/english/advisories/2008/0588

exchange.xforce.ibmcloud.com/vulnerabilities/40476

www.cynops.de/advisories/CVE-2008-0556.txt

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2008-0556

cert1 cvelist1 prion1 nvd1