Lucene search

[email protected]CVE-2012-1236

HistoryMar 19, 2012 - 9:55 p.m.

CVE-2012-1236

2012-03-1921:55:01

CWE-352

[email protected]

web.nvd.nist.gov

csrf

janetter

vulnerability

hijacking

authentication

image upload

command execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands.

Affected configurations

NVD

Node

janetterjanetterRange≤3.2.1.1

janetterjanetterMatch1.0.0.0

janetterjanetterMatch1.1.0.0

janetterjanetterMatch1.2.0.0

janetterjanetterMatch1.2.1.0

janetterjanetterMatch1.3.0.0

janetterjanetterMatch1.4.0.0

janetterjanetterMatch1.5.0.0

janetterjanetterMatch1.6.0.0

janetterjanetterMatch1.6.1.0

janetterjanetterMatch1.6.2.0

janetterjanetterMatch1.6.3.0

janetterjanetterMatch1.7.0.0

janetterjanetterMatch1.7.1.0

janetterjanetterMatch1.7.2.0

janetterjanetterMatch2.0.0.1

janetterjanetterMatch2.0.1.0

janetterjanetterMatch2.0.2.0

janetterjanetterMatch2.0.3.0

janetterjanetterMatch2.1.0.0

janetterjanetterMatch2.1.1.0

janetterjanetterMatch2.1.1.1

janetterjanetterMatch2.1.1.2

janetterjanetterMatch2.2.0.0

janetterjanetterMatch2.3.0.0

janetterjanetterMatch2.4.0.0

janetterjanetterMatch2.5.0.0

janetterjanetterMatch2.5.1.0

janetterjanetterMatch3.0.0.0

janetterjanetterMatch3.1.0.0

janetterjanetterMatch3.1.0.1

janetterjanetterMatch3.1.1.0

janetterjanetterMatch3.2.0.0

janetterjanetterMatch3.2.1.0

CPENameOperatorVersion
janetter:janetterjanetterle3.2.1.1
janetter:janetterjanettereq1.0.0.0
janetter:janetterjanettereq1.1.0.0
janetter:janetterjanettereq1.2.0.0
janetter:janetterjanettereq1.2.1.0
janetter:janetterjanettereq1.3.0.0
janetter:janetterjanettereq1.4.0.0
janetter:janetterjanettereq1.5.0.0
janetter:janetterjanettereq1.6.0.0
janetter:janetterjanettereq1.6.1.0

CPE	Name	Operator	Version
janetter:janetter	janetter	le	3.2.1.1
janetter:janetter	janetter	eq	1.0.0.0
janetter:janetter	janetter	eq	1.1.0.0
janetter:janetter	janetter	eq	1.2.0.0
janetter:janetter	janetter	eq	1.2.1.0
janetter:janetter	janetter	eq	1.3.0.0
janetter:janetter	janetter	eq	1.4.0.0
janetter:janetter	janetter	eq	1.5.0.0
janetter:janetter	janetter	eq	1.6.0.0
janetter:janetter	janetter	eq	1.6.1.0

Rows per page:

1-10 of 341

References

blog.janetter.net/

janetter.net/history.html

jvn.jp/en/jp/JVN83459967/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-000027

secunia.com/advisories/48480

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.2%

JSON

Related for CVE-2012-1236

nvd1 cvelist1 jvn1 prion1