CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
69.8%
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
Vendor | Product | Version | CPE |
---|---|---|---|
bestpractical | rt | 3.8.3 | cpe:/a:bestpractical:rt:3.8.3:rc2:: |
bestpractical | rt | 3.6.2 | cpe:/a:bestpractical:rt:3.6.2:rc1:: |
bestpractical | rt | 3.8.3 | cpe:/a:bestpractical:rt:3.8.3:rc1:: |
bestpractical | rt | 3.8.6 | cpe:/a:bestpractical:rt:3.8.6::: |
bestpractical | rt | 3.6.0 | cpe:/a:bestpractical:rt:3.6.0:rc2:: |
bestpractical | rt | 3.5.4 | cpe:/a:bestpractical:rt:3.5.4::: |
bestpractical | rt | 3.4.6 | cpe:/a:bestpractical:rt:3.4.6:rc2:: |
bestpractical | rt | 3.4.6 | cpe:/a:bestpractical:rt:3.4.6::: |
bestpractical | rt | 3.8.2 | cpe:/a:bestpractical:rt:3.8.2:rc1:: |
bestpractical | rt | 2.0.6 | cpe:/a:bestpractical:rt:2.0.6::: |
lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html
lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html
lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html
secunia.com/advisories/49259
www.securityfocus.com/bid/53660
lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E