Lucene search

[email protected]NVD:CVE-2011-1364

HistoryOct 30, 2011 - 7:55 p.m.

CVE-2011-1364

2011-10-3019:55:00

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.5%

JSON

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

Affected configurations

NVD

Node

googleapp_engine_python_sdkRange≤1.5.3

googleapp_engine_python_sdkMatch1.0.1

googleapp_engine_python_sdkMatch1.0.2

googleapp_engine_python_sdkMatch1.1.0

googleapp_engine_python_sdkMatch1.1.1

googleapp_engine_python_sdkMatch1.1.2

googleapp_engine_python_sdkMatch1.1.3

googleapp_engine_python_sdkMatch1.1.4

googleapp_engine_python_sdkMatch1.1.5

googleapp_engine_python_sdkMatch1.1.6

googleapp_engine_python_sdkMatch1.1.7

googleapp_engine_python_sdkMatch1.1.8

googleapp_engine_python_sdkMatch1.1.9

googleapp_engine_python_sdkMatch1.2.0

googleapp_engine_python_sdkMatch1.2.1

googleapp_engine_python_sdkMatch1.2.2

googleapp_engine_python_sdkMatch1.2.3

googleapp_engine_python_sdkMatch1.2.4

googleapp_engine_python_sdkMatch1.2.5

googleapp_engine_python_sdkMatch1.2.6

googleapp_engine_python_sdkMatch1.2.7

googleapp_engine_python_sdkMatch1.3.0

googleapp_engine_python_sdkMatch1.3.1

googleapp_engine_python_sdkMatch1.3.2

googleapp_engine_python_sdkMatch1.3.3

googleapp_engine_python_sdkMatch1.3.4

googleapp_engine_python_sdkMatch1.3.5

googleapp_engine_python_sdkMatch1.3.6

googleapp_engine_python_sdkMatch1.3.7

googleapp_engine_python_sdkMatch1.3.8

googleapp_engine_python_sdkMatch1.4.0

googleapp_engine_python_sdkMatch1.4.1

googleapp_engine_python_sdkMatch1.4.2

googleapp_engine_python_sdkMatch1.4.3

googleapp_engine_python_sdkMatch1.5.0

googleapp_engine_python_sdkMatch1.5.1

googleapp_engine_python_sdkMatch1.5.2

References

blog.watchfire.com/files/googleappenginesdk.pdf

code.google.com/p/googleappengine/wiki/SdkReleaseNotes

www.securityfocus.com/bid/50075

exchange.xforce.ibmcloud.com/vulnerabilities/69958

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.5%

JSON

Related for NVD:CVE-2011-1364

cvelist4 cve4 prion4 securityvulns2 nvd3