Lucene search

[email protected]CVE-2012-3362

HistoryJul 12, 2012 - 8:55 p.m.

CVE-2012-3362

2012-07-1220:55:00

CWE-352

[email protected]

web.nvd.nist.gov

extplorer

csrf

vulnerability

adduser

admin action

authentication

hijack

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.8%

JSON

Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.

CPENameOperatorVersion
extplorer:extplorerextplorerle2.1.0

CPE	Name	Operator	Version
extplorer:extplorer	extplorer	le	2.1.0

References

www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html

www.debian.org/security/2012/dsa-2510

www.openwall.com/lists/oss-security/2012/06/24/1

www.openwall.com/lists/oss-security/2012/06/25/1

www.openwall.com/lists/oss-security/2012/06/26/1

www.openwall.com/lists/oss-security/2012/06/27/1

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2012-3362

securityvulns2 debian1 prion1 openvas2 nessus1 ubuntucve1