Lucene search

K

RedhatCVELIST:CVE-2011-2522

HistoryJul 29, 2011 - 8:00 p.m.

CVE-2011-2522

2011-07-2920:00:00

redhat

www.cve.org

2

5.8 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

References

jvn.jp/en/jp/JVN29529126/index.html

marc.info/?l=bugtraq&m=133527864025056&w=2

osvdb.org/74071

samba.org/samba/history/samba-3.5.10.html

secunia.com/advisories/45393

secunia.com/advisories/45488

secunia.com/advisories/45496

securityreason.com/securityalert/8317

securitytracker.com/id?1025852

ubuntu.com/usn/usn-1182-1

www.debian.org/security/2011/dsa-2290

www.exploit-db.com/exploits/17577

www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543

www.mandriva.com/security/advisories?name=MDVSA-2011:121

www.samba.org/samba/security/CVE-2011-2522

www.securityfocus.com/bid/48899

bugzilla.redhat.com/show_bug.cgi?id=721348

bugzilla.samba.org/show_bug.cgi?id=8290

exchange.xforce.ibmcloud.com/vulnerabilities/68843

5.8 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

Related for CVELIST:CVE-2011-2522