Lucene search
HistoryFeb 02, 2013 - 8:55 p.m.
CVE-2013-0214
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
High
EPSS
0.012
Percentile
85.0%
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Affected configurations
Node
sambasambaMatch3.6.0
ORsambasambaMatch3.6.1
ORsambasambaMatch3.6.2
ORsambasambaMatch3.6.3
ORsambasambaMatch3.6.4
ORsambasambaMatch3.6.5
ORsambasambaMatch3.6.6
ORsambasambaMatch3.6.7
ORsambasambaMatch3.6.8
ORsambasambaMatch3.6.9
ORsambasambaMatch3.6.10
ORsambasambaMatch3.6.11
Node
sambasambaMatch4.0.0
ORsambasambaMatch4.0.1
Node
sambasambaMatch3.0.0
ORsambasambaMatch3.0.1
ORsambasambaMatch3.0.2
ORsambasambaMatch3.0.2a
ORsambasambaMatch3.0.2a
ORsambasambaMatch3.0.3
ORsambasambaMatch3.0.4
ORsambasambaMatch3.0.4rc1
ORsambasambaMatch3.0.5
ORsambasambaMatch3.0.6
ORsambasambaMatch3.0.7
ORsambasambaMatch3.0.8
ORsambasambaMatch3.0.9
ORsambasambaMatch3.0.10
ORsambasambaMatch3.0.11
ORsambasambaMatch3.0.12
ORsambasambaMatch3.0.13
ORsambasambaMatch3.0.14
ORsambasambaMatch3.0.14a
ORsambasambaMatch3.0.14a
ORsambasambaMatch3.0.15
ORsambasambaMatch3.0.16
ORsambasambaMatch3.0.17
ORsambasambaMatch3.0.18
ORsambasambaMatch3.0.19
ORsambasambaMatch3.0.20
ORsambasambaMatch3.0.20a
ORsambasambaMatch3.0.20b
ORsambasambaMatch3.0.20a
ORsambasambaMatch3.0.20b
ORsambasambaMatch3.0.21
ORsambasambaMatch3.0.21a
ORsambasambaMatch3.0.21b
ORsambasambaMatch3.0.21c
ORsambasambaMatch3.0.21a
ORsambasambaMatch3.0.21b
ORsambasambaMatch3.0.21c
ORsambasambaMatch3.0.22
ORsambasambaMatch3.0.23
ORsambasambaMatch3.0.23a
ORsambasambaMatch3.0.23b
ORsambasambaMatch3.0.23c
ORsambasambaMatch3.0.23d
ORsambasambaMatch3.0.23a
ORsambasambaMatch3.0.23b
ORsambasambaMatch3.0.23c
ORsambasambaMatch3.0.23d
ORsambasambaMatch3.0.24
ORsambasambaMatch3.0.25
ORsambasambaMatch3.0.25a
ORsambasambaMatch3.0.25b
ORsambasambaMatch3.0.25c
ORsambasambaMatch3.0.25pre1
ORsambasambaMatch3.0.25pre2
ORsambasambaMatch3.0.25rc1
ORsambasambaMatch3.0.25rc2
ORsambasambaMatch3.0.25rc3
ORsambasambaMatch3.0.25a
ORsambasambaMatch3.0.25b
ORsambasambaMatch3.0.25c
ORsambasambaMatch3.0.26
ORsambasambaMatch3.0.26a
ORsambasambaMatch3.0.26a
ORsambasambaMatch3.0.27
ORsambasambaMatch3.0.27a
ORsambasambaMatch3.0.28
ORsambasambaMatch3.0.28a
ORsambasambaMatch3.0.29
ORsambasambaMatch3.0.30
ORsambasambaMatch3.0.31
ORsambasambaMatch3.0.32
ORsambasambaMatch3.0.33
ORsambasambaMatch3.0.34
ORsambasambaMatch3.0.35
ORsambasambaMatch3.0.36
ORsambasambaMatch3.0.37
ORsambasambaMatch3.1.0
ORsambasambaMatch3.2.0
ORsambasambaMatch3.2.1
ORsambasambaMatch3.2.2
ORsambasambaMatch3.2.3
ORsambasambaMatch3.2.4
ORsambasambaMatch3.2.5
ORsambasambaMatch3.2.6
ORsambasambaMatch3.2.7
ORsambasambaMatch3.2.8
ORsambasambaMatch3.2.9
ORsambasambaMatch3.2.10
ORsambasambaMatch3.2.11
ORsambasambaMatch3.2.12
ORsambasambaMatch3.2.13
ORsambasambaMatch3.2.14
ORsambasambaMatch3.2.15
ORsambasambaMatch3.3.0
ORsambasambaMatch3.3.1
ORsambasambaMatch3.3.2
ORsambasambaMatch3.3.3
ORsambasambaMatch3.3.4
ORsambasambaMatch3.3.5
ORsambasambaMatch3.3.6
ORsambasambaMatch3.3.7
ORsambasambaMatch3.3.8
ORsambasambaMatch3.3.9
ORsambasambaMatch3.3.10
ORsambasambaMatch3.3.11
ORsambasambaMatch3.3.12
ORsambasambaMatch3.3.13
ORsambasambaMatch3.3.14
ORsambasambaMatch3.3.15
ORsambasambaMatch3.3.16
ORsambasambaMatch3.4.0
ORsambasambaMatch3.4.1
ORsambasambaMatch3.4.2
ORsambasambaMatch3.4.3
ORsambasambaMatch3.4.4
ORsambasambaMatch3.4.5
ORsambasambaMatch3.4.6
ORsambasambaMatch3.4.7
ORsambasambaMatch3.4.8
ORsambasambaMatch3.4.9
ORsambasambaMatch3.4.10
ORsambasambaMatch3.4.11
ORsambasambaMatch3.4.12
ORsambasambaMatch3.4.13
ORsambasambaMatch3.4.14
ORsambasambaMatch3.4.15
ORsambasambaMatch3.4.16
ORsambasambaMatch3.4.17
ORsambasambaMatch3.5.0
ORsambasambaMatch3.5.1
ORsambasambaMatch3.5.2
ORsambasambaMatch3.5.3
ORsambasambaMatch3.5.4
ORsambasambaMatch3.5.5
ORsambasambaMatch3.5.6
ORsambasambaMatch3.5.7
ORsambasambaMatch3.5.8
ORsambasambaMatch3.5.9
ORsambasambaMatch3.5.10
ORsambasambaMatch3.5.11
ORsambasambaMatch3.5.12
ORsambasambaMatch3.5.13
ORsambasambaMatch3.5.14
ORsambasambaMatch3.5.15
ORsambasambaMatch3.5.16
ORsambasambaMatch3.5.17
ORsambasambaMatch3.5.18
ORsambasambaMatch3.5.19
ORsambasambaMatch3.5.20
References
lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html
lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html
lists.opensuse.org/opensuse-updates/2013-02/msg00029.html
lists.opensuse.org/opensuse-updates/2013-02/msg00033.html
osvdb.org/89627
rhn.redhat.com/errata/RHSA-2013-1310.html
rhn.redhat.com/errata/RHSA-2013-1542.html
rhn.redhat.com/errata/RHSA-2014-0305.html
www.debian.org/security/2013/dsa-2617
www.samba.org/samba/security/CVE-2013-0214
www.securityfocus.com/bid/57631
www.ubuntu.com/usn/USN-2922-1
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
Related
cvelist
cvelist
CVE-2013-0214
2013-02-02 20:00:00
cve
cve
CVE-2013-0214
2013-02-02 20:55:03
debiancve
debiancve
CVE-2013-0214
2013-02-02 20:55:03
ubuntucve
ubuntucve
CVE-2013-0214
2013-02-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2013-02-02 20:55:00
samba
samba
Cross-Site Request Forgery in SWAT
2013-01-30 00:00:00
nessus
nessus
Samba < 3.5.21 / 3.6.12 / 4.0.2 SWAT Multiple Vulnerabilities
2013-02-04 00:00:00
Samba 3.x < 3.5.21 / 3.6.12 and 4.x < 4.0.2 SWAT Multiple Vulnerabilities (deprecated)
2012-02-07 00:00:00
SuSE 11.2 Security Update : Samba (SAT Patch Number 7292)
2013-02-24 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:0326-1)
2021-06-09 00:00:00
Fedora Update for samba FEDORA-2013-1718
2013-02-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0519-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: samba-3.6.12-1.fc17.1
2013-02-12 05:30:46
[SECURITY] Fedora 17 Update: samba4-4.0.0-60alpha18.fc17
2013-02-12 05:11:58
[SECURITY] Fedora 18 Update: samba-4.0.2-1.fc18
2013-02-12 05:06:25
osv
osv
samba - several issues
2013-02-02 00:00:00
debian
debian
[SECURITY] [DSA 2617-1] samba security update
2013-02-02 12:26:25
suse
suse
Security update for Samba (important)
2013-02-22 17:04:27
Security update for Samba (important)
2013-03-22 15:04:30
Security update for Samba (important)
2013-02-22 16:04:20
centos
centos
libsmbclient, samba security update
2014-03-17 19:05:31
samba3x security update
2013-10-07 12:45:09
libsmbclient, samba security update
2013-11-26 13:32:51
redhat
redhat
(RHSA-2014:0305) Moderate: samba security update
2014-03-17 00:00:00
(RHSA-2013:1310) Moderate: samba3x security and bug fix update
2013-09-30 16:52:28
(RHSA-2013:1542) Moderate: samba security, bug fix, and enhancement update
2013-11-21 00:00:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2019-05-02 04:58:49
oraclelinux
oraclelinux
samba security update
2014-03-17 00:00:00
samba3x security and bug fix update
2013-10-06 00:00:00
samba security, bug fix, and enhancement update
2013-11-25 00:00:00
ics
ics
Omron NS Series HMI Vulnerabilities
2019-01-31 12:00:00
ubuntu
ubuntu
Samba vulnerabilities
2016-03-08 00:00:00
securityvulns
securityvulns
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
High
EPSS
0.012
Percentile
85.0%
Related for NVD:CVE-2013-0214