Lucene search

[email protected]CVE-2009-4773

HistoryApr 20, 2010 - 2:30 p.m.

CVE-2009-4773

2010-04-2014:30:01

CWE-352

[email protected]

web.nvd.nist.gov

csrf

vulnerability

ubercart

drupal

authentication

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected configurations

NVD

Node

ubercartubercartMatch5.x-1.0

ubercartubercartMatch5.x-1.0alpha1

ubercartubercartMatch5.x-1.0alpha2

ubercartubercartMatch5.x-1.0alpha3

ubercartubercartMatch5.x-1.0alpha4

ubercartubercartMatch5.x-1.0alpha5

ubercartubercartMatch5.x-1.0alpha6

ubercartubercartMatch5.x-1.0alpha6b

ubercartubercartMatch5.x-1.0alpha6c

ubercartubercartMatch5.x-1.0alpha7

ubercartubercartMatch5.x-1.0alpha7b

ubercartubercartMatch5.x-1.0alpha7c

ubercartubercartMatch5.x-1.0alpha7d

ubercartubercartMatch5.x-1.0alpha7e

ubercartubercartMatch5.x-1.0alpha8

ubercartubercartMatch5.x-1.0beta1

ubercartubercartMatch5.x-1.0beta2

ubercartubercartMatch5.x-1.0beta3

ubercartubercartMatch5.x-1.0beta4

ubercartubercartMatch5.x-1.0beta5

ubercartubercartMatch5.x-1.0beta6

ubercartubercartMatch5.x-1.0beta7

ubercartubercartMatch5.x-1.0rc1

ubercartubercartMatch5.x-1.0rc2

ubercartubercartMatch5.x-1.0rc3

ubercartubercartMatch5.x-1.0rc4

ubercartubercartMatch5.x-1.0rc5

ubercartubercartMatch5.x-1.1

ubercartubercartMatch5.x-1.2

ubercartubercartMatch5.x-1.3

ubercartubercartMatch5.x-1.3rc1

ubercartubercartMatch5.x-1.4

ubercartubercartMatch5.x-1.5

ubercartubercartMatch5.x-1.6

ubercartubercartMatch5.x-1.7

ubercartubercartMatch5.x-1.8

ubercartubercartMatch6.x-2.0

ubercartubercartMatch6.x-2.0beta1

ubercartubercartMatch6.x-2.0beta2

ubercartubercartMatch6.x-2.0beta3

ubercartubercartMatch6.x-2.0beta4

ubercartubercartMatch6.x-2.0beta5

ubercartubercartMatch6.x-2.0beta6

ubercartubercartMatch6.x-2.0dev

ubercartubercartMatch6.x-2.0rc1

ubercartubercartMatch6.x-2.0rc2

ubercartubercartMatch6.x-2.0rc3

ubercartubercartMatch6.x-2.0rc4

ubercartubercartMatch6.x-2.0rc5

ubercartubercartMatch6.x-2.0rc6

ubercartubercartMatch6.x-2.0rc7

AND

drupaldrupal

CPENameOperatorVersion
ubercart:ubercartubercarteq5.x-1.0
ubercart:ubercartubercarteq5.x-1.1
ubercart:ubercartubercarteq5.x-1.2
ubercart:ubercartubercarteq5.x-1.3
ubercart:ubercartubercarteq5.x-1.4
ubercart:ubercartubercarteq5.x-1.5
ubercart:ubercartubercarteq5.x-1.6
ubercart:ubercartubercarteq5.x-1.7
ubercart:ubercartubercarteq5.x-1.8
ubercart:ubercartubercarteq6.x-2.0

CPE	Name	Operator	Version
ubercart:ubercart	ubercart	eq	5.x-1.0
ubercart:ubercart	ubercart	eq	5.x-1.1
ubercart:ubercart	ubercart	eq	5.x-1.2
ubercart:ubercart	ubercart	eq	5.x-1.3
ubercart:ubercart	ubercart	eq	5.x-1.4
ubercart:ubercart	ubercart	eq	5.x-1.5
ubercart:ubercart	ubercart	eq	5.x-1.6
ubercart:ubercart	ubercart	eq	5.x-1.7
ubercart:ubercart	ubercart	eq	5.x-1.8
ubercart:ubercart	ubercart	eq	6.x-2.0

References

drupal.org/node/636576

osvdb.org/60292

secunia.com/advisories/37440

www.securityfocus.com/bid/37058

exchange.xforce.ibmcloud.com/vulnerabilities/54344

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2009-4773

nvd1 prion1 cvelist1