Lucene search

DebianDEBIAN:DLA-485-1:3C210

HistoryMay 22, 2016 - 8:30 p.m.

[SECURITY] [DLA 485-1] extplorer security update

2016-05-2220:30:06

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.2%

JSON

Package : extplorer
Version : 2.1.0b6+dfsg.3-4+deb7u3
CVE ID : CVE-2015-5660

This security update fixes a security issue in extplorer. We recommend you
upgrade your extplorer package.

CVE-2015-5660
Cross-site request forgery (CSRF) vulnerability allows remote
attackers to hijack the authentication of arbitrary users for
requests that execute PHP code.

Further information about Debian LTS security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7allextplorer< 2.1.0b6+dfsg.3-4+deb7u3extplorer_2.1.0b6+dfsg.3-4+deb7u3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	extplorer	< 2.1.0b6+dfsg.3-4+deb7u3	extplorer_2.1.0b6+dfsg.3-4+deb7u3_all.deb

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for DEBIAN:DLA-485-1:3C210