Lucene search

[email protected]CVE-2010-5085

HistoryFeb 14, 2012 - 8:55 p.m.

CVE-2010-5085

2012-02-1420:55:04

CWE-352

[email protected]

web.nvd.nist.gov

csrf

vulnerabilities

hulihan amethyst 0.1.5

admin/update_user

cve-2010-5085

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site’s configuration.

Affected configurations

NVD

Node

hulihanapplicationsamethystMatch0.1.5

CPENameOperatorVersion
hulihanapplications:amethysthulihanapplications amethysteq0.1.5

CPE	Name	Operator	Version
hulihanapplications:amethyst	hulihanapplications amethyst	eq	0.1.5

References

dev.hulihanapplications.com/issues/show/208

marc.info/?l=bugtraq&m=128104795219200&w=2

secunia.com/advisories/40874

www.htbridge.ch/advisory/xsrf_csrf_in_amethyst.html

www.osvdb.org/67043

www.vupen.com/english/advisories/2010/2022

exchange.xforce.ibmcloud.com/vulnerabilities/60947

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2010-5085

htbridge1 prion1 cvelist1 nvd1