Lucene search

[email protected]CVE-2010-5285

HistoryNov 26, 2012 - 11:55 p.m.

CVE-2010-5285

2012-11-2623:55:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2010-5285

cross-site request forgery

csrf

collabtive 0.6.5

admin.php

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%

JSON

Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.

CPENameOperatorVersion
o-dyn:collabtiveo-dyn collabtiveeq0.6.5

CPE	Name	Operator	Version
o-dyn:collabtive	o-dyn collabtive	eq	0.6.5

References

packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt

secunia.com/advisories/41805

www.anatoliasecurity.com/adv/as-adv-2010-003.txt

www.exploit-db.com/exploits/15240

www.securityfocus.com/bid/44050

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2010-5285

cvelist1 prion1 ubuntucve1 openvas2