Lucene search

[email protected]NVD:CVE-2011-4173

HistoryOct 24, 2011 - 6:55 p.m.

CVE-2011-4173

2011-10-2418:55:02

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

simplemachinessmfMatch2.0

simplemachinessmfMatch2.0beta1

simplemachinessmfMatch2.0beta2

simplemachinessmfMatch2.0beta2.1

simplemachinessmfMatch2.0beta3

simplemachinessmfMatch2.0beta3.1

simplemachinessmfMatch2.0beta4

simplemachinessmfMatch2.0rc1

simplemachinessmfMatch2.0rc1.2

simplemachinessmfMatch2.0rc2

simplemachinessmfMatch2.0rc3

simplemachinessmfMatch2.0rc4

simplemachinessmfMatch2.0rc5

References

openwall.com/lists/oss-security/2011/10/09/3

openwall.com/lists/oss-security/2011/10/10/6

secunia.com/advisories/46386

www.simplemachines.org/community/index.php?topic=452888.0

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Related for NVD:CVE-2011-4173

prion2 cve2 cvelist2 nvd1