Lucene search
JpcertCVE-2014-3896HistoryJul 29, 2014 - 8:55 p.m.
CVE-2014-3896
2014-07-2920:55:08
CWE-352
jpcert
web.nvd.nist.gov
27
cve-2014-3896
csrf
cgi programs
seeds acmailer
hijack authentication
remote attackers
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.005
Percentile
76.0%
Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.
Affected configurations
Node
seedsacmailerRange3.8.0–3.8.17
ORseedsacmailerRange3.9.0–3.9.10
Related
cvelist
cvelist
CVE-2014-3896
2014-07-29 20:00:00
prion
prion
Cross site request forgery (csrf)
2014-07-29 20:55:00
jvn
jvn
JVN#42511610: acmailer contains a cross-site request forgery vulnerability
2014-07-29 00:00:00
nvd
nvd
CVE-2014-3896
2014-07-29 20:55:08
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.005
Percentile
76.0%
Related for CVE-2014-3896