Lucene search

[email protected]NVD:CVE-2009-1434

HistoryApr 30, 2009 - 8:30 p.m.

CVE-2009-1434

2009-04-3020:30:00

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.

Affected configurations

NVD

Node

foswikifoswikiRange≤1.0.4

foswikifoswikiMatch1.0.0

foswikifoswikiMatch1.0.1

foswikifoswikiMatch1.0.2

foswikifoswikiMatch1.0.3

References

foswiki.org/Support/SecurityAlert-CVE-2009-1434

osvdb.org/54148

secunia.com/advisories/34863

sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk&forum_name=foswiki-announce

exchange.xforce.ibmcloud.com/vulnerabilities/50256

launchpad.net/bugs/cve/2009-1434

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for NVD:CVE-2009-1434

cve3 prion3 ubuntucve2 cvelist3 nvd2 openvas3