Lucene search

[email protected]CVE-2011-5284

HistoryDec 31, 2014 - 10:59 p.m.

CVE-2011-5284

2014-12-3122:59:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2011-5284

csrf vulnerability

smoothwall express

web management interface

httpd/cgi-bin/shutdown.cgi

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.8%

JSON

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.

CPENameOperatorVersion
smoothwall:smoothwallsmoothwallle3.1
smoothwall:smoothwallsmoothwalleq3.0

CPE	Name	Operator	Version
smoothwall:smoothwall	smoothwall	le	3.1
smoothwall:smoothwall	smoothwall	eq	3.0

References

osvdb.org/show/osvdb/70497

packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

www.exploit-db.com/exploits/16006

exchange.xforce.ibmcloud.com/vulnerabilities/99403

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2011-5284

prion1 cvelist1