FreeBSD ID: 56F4B3A6-C82C-11E0-A498-00215C6A37BB
Jul 27, 2011 - 12:00 a.m.

Samba -- cross site scripting and request forgery vulnerabilities

2011-07-27 00:00:00
vuxml.freebsd.org
CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.008 Low
Percentile: 81.3%

Samba security advisory reports:

All current released versions of Samba are vulnerable to a
cross-site request forgery in the Samba Web Administration Tool
(SWAT). By tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is
possible to manipulate SWAT.

All current released versions of Samba are vulnerable to a
cross-site scripting issue in the Samba Web Administration Tool
(SWAT). On the “Change Password” field, it is possible to insert
arbitrary content into the “user” field.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | samba34 | < 3.4.14 | UNKNOWN |
| FreeBSD | any | noarch | samba35 | < 3.5.10 | UNKNOWN |
