Lucene search

[email protected]CVE-2011-1364

HistoryOct 30, 2011 - 7:55 p.m.

CVE-2011-1364

2011-10-3019:55:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2011-1364

cross-site request forgery

csrf vulnerability

google app engine

python sdk

security

nvd

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.1%

JSON

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

CPENameOperatorVersion
google:app_engine_python_sdkgoogle app engine python sdkeq1.4.3
google:app_engine_python_sdkgoogle app engine python sdkeq1.1.5
google:app_engine_python_sdkgoogle app engine python sdkeq1.3.4
google:app_engine_python_sdkgoogle app engine python sdkeq1.2.6
google:app_engine_python_sdkgoogle app engine python sdkeq1.2.2
google:app_engine_python_sdkgoogle app engine python sdkeq1.2.7
google:app_engine_python_sdkgoogle app engine python sdkeq1.1.7
google:app_engine_python_sdkgoogle app engine python sdkeq1.0.2
google:app_engine_python_sdkgoogle app engine python sdkeq1.1.3
google:app_engine_python_sdkgoogle app engine python sdkeq1.5.2

CPE	Name	Operator	Version
google:app_engine_python_sdk	google app engine python sdk	eq	1.4.3
google:app_engine_python_sdk	google app engine python sdk	eq	1.1.5
google:app_engine_python_sdk	google app engine python sdk	eq	1.3.4
google:app_engine_python_sdk	google app engine python sdk	eq	1.2.6
google:app_engine_python_sdk	google app engine python sdk	eq	1.2.2
google:app_engine_python_sdk	google app engine python sdk	eq	1.2.7
google:app_engine_python_sdk	google app engine python sdk	eq	1.1.7
google:app_engine_python_sdk	google app engine python sdk	eq	1.0.2
google:app_engine_python_sdk	google app engine python sdk	eq	1.1.3
google:app_engine_python_sdk	google app engine python sdk	eq	1.5.2

Rows per page:

1-10 of 371

References

blog.watchfire.com/files/googleappenginesdk.pdf

code.google.com/p/googleappengine/wiki/SdkReleaseNotes

www.securityfocus.com/bid/50075

exchange.xforce.ibmcloud.com/vulnerabilities/69958

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.1%

JSON

Related for CVE-2011-1364

prion4 securityvulns2 cve3