Lucene search

MitreCVE-2011-1905

HistoryMay 05, 2011 - 2:55 p.m.

CVE-2011-1905

2011-05-0514:55:03

CWE-352

mitre

web.nvd.nist.gov

cve-2011-1905

cross-site request forgery

csrf

proofpoint

messaging security gateway

protection server

remote attackers

hijack authentication

administrators

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

51.9%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors.

Affected configurations

Nvd

Node

proofpointmessaging_security_gatewayRange≤6.2.0.263\:6.2.0.237

proofpointprotection_serverMatch5.5.3

proofpointprotection_serverMatch5.5.4

proofpointprotection_serverMatch5.5.5

proofpointprotection_serverMatch6.0.2

proofpointprotection_serverMatch6.1.1

proofpointprotection_serverMatch6.2.0

VendorProductVersionCPE
proofpointmessaging_security_gateway*cpe:2.3:a:proofpoint:messaging_security_gateway:*:*:*:*:*:*:*:*
proofpointprotection_server5.5.3cpe:2.3:a:proofpoint:protection_server:5.5.3:*:*:*:*:*:*:*
proofpointprotection_server5.5.4cpe:2.3:a:proofpoint:protection_server:5.5.4:*:*:*:*:*:*:*
proofpointprotection_server5.5.5cpe:2.3:a:proofpoint:protection_server:5.5.5:*:*:*:*:*:*:*
proofpointprotection_server6.0.2cpe:2.3:a:proofpoint:protection_server:6.0.2:*:*:*:*:*:*:*
proofpointprotection_server6.1.1cpe:2.3:a:proofpoint:protection_server:6.1.1:*:*:*:*:*:*:*
proofpointprotection_server6.2.0cpe:2.3:a:proofpoint:protection_server:6.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proofpoint	messaging_security_gateway	*	cpe:2.3:a:proofpoint:messaging_security_gateway::::::::
proofpoint	protection_server	5.5.3	cpe:2.3:a:proofpoint:protection_server:5.5.3:::::::*
proofpoint	protection_server	5.5.4	cpe:2.3:a:proofpoint:protection_server:5.5.4:::::::*
proofpoint	protection_server	5.5.5	cpe:2.3:a:proofpoint:protection_server:5.5.5:::::::*
proofpoint	protection_server	6.0.2	cpe:2.3:a:proofpoint:protection_server:6.0.2:::::::*
proofpoint	protection_server	6.1.1	cpe:2.3:a:proofpoint:protection_server:6.1.1:::::::*
proofpoint	protection_server	6.2.0	cpe:2.3:a:proofpoint:protection_server:6.2.0:::::::*

References

www.clearskies.net/documents/css-advisory-css1105-proofpoint.php

www.kb.cert.org/vuls/id/790980

support.proofpoint.com/article.cgi?article_id=338413

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

51.9%

JSON

Related for CVE-2011-1905