Lucene search

[email protected]CVE-2009-0708

HistoryFeb 23, 2009 - 3:30 p.m.

CVE-2009-0708

2009-02-2315:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2009-0708

csrf

semanticscuttle

authentication hijacking

security vulnerability

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page.

CPENameOperatorVersion
semanticscuttle:semanticscuttlesemanticscuttleeq0.88
semanticscuttle:semanticscuttlesemanticscuttleeq0.86
semanticscuttle:semanticscuttlesemanticscuttleeq0.89
semanticscuttle:semanticscuttlesemanticscuttleeq0.87
semanticscuttle:semanticscuttlesemanticscuttleeq0.85
semanticscuttle:semanticscuttlesemanticscuttlele0.90

CPE	Name	Operator	Version
semanticscuttle:semanticscuttle	semanticscuttle	eq	0.88
semanticscuttle:semanticscuttle	semanticscuttle	eq	0.86
semanticscuttle:semanticscuttle	semanticscuttle	eq	0.89
semanticscuttle:semanticscuttle	semanticscuttle	eq	0.87
semanticscuttle:semanticscuttle	semanticscuttle	eq	0.85
semanticscuttle:semanticscuttle	semanticscuttle	le	0.90

References

secunia.com/advisories/33383

sourceforge.net/project/shownotes.php?release_id=651587

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.0%

JSON

Related for CVE-2009-0708

cvelist1 prion1