Lucene search

[email protected]CVE-2010-5088

HistoryAug 26, 2012 - 6:55 p.m.

CVE-2010-5088

2012-08-2618:55:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2010-5088

cross-site request forgery

csrf

silverstripe

remote attack

authentication hijacking

controller actions

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.

Affected configurations

NVD

Node

silverstripesilverstripeMatch2.3.0

silverstripesilverstripeMatch2.3.0rc1

silverstripesilverstripeMatch2.3.0rc2

silverstripesilverstripeMatch2.3.0rc3

silverstripesilverstripeMatch2.3.1

silverstripesilverstripeMatch2.3.1rc1

silverstripesilverstripeMatch2.3.1rc2

silverstripesilverstripeMatch2.3.2

silverstripesilverstripeMatch2.3.3

silverstripesilverstripeMatch2.3.4

silverstripesilverstripeMatch2.3.5

silverstripesilverstripeMatch2.3.6

silverstripesilverstripeMatch2.3.7

silverstripesilverstripeMatch2.3.8

silverstripesilverstripeMatch2.4.0

silverstripesilverstripeMatch2.4.1

silverstripesilverstripeMatch2.4.2

CPENameOperatorVersion
silverstripe:silverstripesilverstripeeq2.3.0
silverstripe:silverstripesilverstripeeq2.3.1
silverstripe:silverstripesilverstripeeq2.3.2
silverstripe:silverstripesilverstripeeq2.3.3
silverstripe:silverstripesilverstripeeq2.3.4
silverstripe:silverstripesilverstripeeq2.3.5
silverstripe:silverstripesilverstripeeq2.3.6
silverstripe:silverstripesilverstripeeq2.3.7
silverstripe:silverstripesilverstripeeq2.3.8
silverstripe:silverstripesilverstripeeq2.4.0

CPE	Name	Operator	Version
silverstripe:silverstripe	silverstripe	eq	2.3.0
silverstripe:silverstripe	silverstripe	eq	2.3.1
silverstripe:silverstripe	silverstripe	eq	2.3.2
silverstripe:silverstripe	silverstripe	eq	2.3.3
silverstripe:silverstripe	silverstripe	eq	2.3.4
silverstripe:silverstripe	silverstripe	eq	2.3.5
silverstripe:silverstripe	silverstripe	eq	2.3.6
silverstripe:silverstripe	silverstripe	eq	2.3.7
silverstripe:silverstripe	silverstripe	eq	2.3.8
silverstripe:silverstripe	silverstripe	eq	2.4.0

Rows per page:

1-10 of 121

References

doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9

doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3

holisticinfosec.org/content/view/157/45/

open.silverstripe.org/changeset/113275

open.silverstripe.org/changeset/113282

secunia.com/advisories/41717

www.openwall.com/lists/oss-security/2011/01/03/12

www.openwall.com/lists/oss-security/2012/04/30/1

www.openwall.com/lists/oss-security/2012/04/30/3

www.openwall.com/lists/oss-security/2012/05/01/3

www.osvdb.org/69113

www.securityfocus.com/bid/44768

exchange.xforce.ibmcloud.com/vulnerabilities/63156

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for CVE-2010-5088

prion2 nvd2 cvelist2 cve1