Lucene search
MitreCVE-2010-2594HistoryJul 02, 2010 - 12:43 p.m.
CVE-2010-2594
2010-07-0212:43:52
CWE-352
mitre
web.nvd.nist.gov
32
cve-2010-2594
csrf vulnerabilities
intersect alliance snare agent
authentication hijacking
security vulnerabilities
nvd
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.002
Percentile
61.1%
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
Affected configurations
Node
intersect_alliancesnare_agentRange≤3.2.3
ORintersect_alliancesnare_agentMatch2.0
ORintersect_alliancesnare_agentMatch2.1
ORintersect_alliancesnare_agentMatch2.3
ORintersect_alliancesnare_agentMatch2.4
ORintersect_alliancesnare_agentMatch2.5
ORintersect_alliancesnare_agentMatch2.5.2
ORintersect_alliancesnare_agentMatch2.5.3
ORintersect_alliancesnare_agentMatch2.5.4
ORintersect_alliancesnare_agentMatch2.5.6
ORintersect_alliancesnare_agentMatch2.5.7
ORintersect_alliancesnare_agentMatch3.0.0
ORintersect_alliancesnare_agentMatch3.1.0
ORintersect_alliancesnare_agentMatch3.2.0
ORintersect_alliancesnare_agentMatch3.2.1
ORintersect_alliancesnare_agentMatch3.2.2
sunsolaris
Node
intersect_alliancesnare_agentRange≤3.1.7
ORintersect_alliancesnare_agentMatch3.0.0
ORintersect_alliancesnare_agentMatch3.1.0
ORintersect_alliancesnare_agentMatch3.1.2
ORintersect_alliancesnare_agentMatch3.1.3
ORintersect_alliancesnare_agentMatch3.1.4
ORintersect_alliancesnare_agentMatch3.1.5
ORintersect_alliancesnare_agentMatch3.1.6
microsoftwindows_2000
ORmicrosoftwindows_2003_server
ORmicrosoftwindows_xp
Node
intersect_alliancesnare_agentRange≤1.5.0
ORintersect_alliancesnare_agentMatch0.9.2
ORintersect_alliancesnare_agentMatch0.9.6
ORintersect_alliancesnare_agentMatch0.9.7
ORintersect_alliancesnare_agentMatch0.9.7a
ORintersect_alliancesnare_agentMatch0.9.8
ORintersect_alliancesnare_agentMatch1.0
ORintersect_alliancesnare_agentMatch1.1
ORintersect_alliancesnare_agentMatch1.2
ORintersect_alliancesnare_agentMatch1.3
ORintersect_alliancesnare_agentMatch1.4
ORintersect_alliancesnare_agentMatch1.4.1
linuxlinux_kernelMatch-
Node
intersect_alliancesnare_agentRange≤1.4
ORintersect_alliancesnare_agentMatch1.0
ORintersect_alliancesnare_agentMatch1.2
ORintersect_alliancesnare_agentMatch1.3
sgiirix
Node
intersect_alliancesnare_epilogRange≤1.5.3
ORintersect_alliancesnare_epilogMatch1.1
ORintersect_alliancesnare_epilogMatch1.2
ORintersect_alliancesnare_epilogMatch1.3
ORintersect_alliancesnare_epilogMatch1.3.1
ORintersect_alliancesnare_epilogMatch1.3.3
ORintersect_alliancesnare_epilogMatch1.4.0
ORintersect_alliancesnare_epilogMatch1.5.0
ORintersect_alliancesnare_epilogMatch1.5.1
ORintersect_alliancesnare_epilogMatch1.5.2
microsoftwindows
Node
intersect_alliancesnare_epilogRange≤1.2
ORintersect_alliancesnare_epilogMatch1.1
unixunix
Node
intersect_alliancesnare_agentRange≤1.5.0
ORintersect_alliancesnare_agentMatch1.0
ORintersect_alliancesnare_agentMatch1.2
ORintersect_alliancesnare_agentMatch1.3
ORintersect_alliancesnare_agentMatch1.4
ibmaix
Node
intersect_alliancesnare_agentRange≤1.1.4
ORintersect_alliancesnare_agentMatch1.0
ORintersect_alliancesnare_agentMatch1.0.1
ORintersect_alliancesnare_agentMatch1.1.0
ORintersect_alliancesnare_agentMatch1.1.1
ORintersect_alliancesnare_agentMatch1.1.2
microsoftwindows_7
ORmicrosoftwindows_server_2008Match-
ORmicrosoftwindows_vista
| Vendor | Product | Version | CPE |
|---|---|---|---|
| intersect_alliance | snare_agent | * | cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.0 | cpe:2.3:a:intersect_alliance:snare_agent:2.0:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.1 | cpe:2.3:a:intersect_alliance:snare_agent:2.1:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.3 | cpe:2.3:a:intersect_alliance:snare_agent:2.3:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.4 | cpe:2.3:a:intersect_alliance:snare_agent:2.4:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.5 | cpe:2.3:a:intersect_alliance:snare_agent:2.5:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.5.2 | cpe:2.3:a:intersect_alliance:snare_agent:2.5.2:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.5.3 | cpe:2.3:a:intersect_alliance:snare_agent:2.5.3:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.5.4 | cpe:2.3:a:intersect_alliance:snare_agent:2.5.4:*:*:*:*:*:*:* |
| intersect_alliance | snare_agent | 2.5.6 | cpe:2.3:a:intersect_alliance:snare_agent:2.5.6:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2010-07-02 12:43:00
kaspersky
kaspersky
KLA10331 SB vulnerability in Snare
2010-07-02 00:00:00
nvd
nvd
CVE-2010-2594
2010-07-02 12:43:52
cvelist
cvelist
CVE-2010-2594
2010-07-01 18:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.002
Percentile
61.1%
Related for CVE-2010-2594