| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2014-5516 | 3 Jan 2020 19:57 | – | cve |
| CVE-2014-5516 | 3 Jan 2020 19:57 | – | cvelist |
| EUVD-2014-5403 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2014-5516 | 3 Jan 2020 20:15 | – | nvd |
| Cross site request forgery (csrf) | 3 Jan 2020 20:15 | – | prion |
| CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product | 14 Oct 2014 00:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 14 Oct 2014 00:00 | – | securityvulns |
`
CVE-2014-5516
===================
"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability
in "KonaKart Storefront Application" Enterprise Java eCommerce product
Vendor
===================
DS Data Systems (UK) Ltd.
Product
===================
"KonaKart is an affordable java based shopping cart software solution for online retailers.
Let KonaKart help increase your eCommerce sales."
- source: http://www.konakart.com
"KonaKart is a Java eCommerce system aimed at medium to large online retailers."
- source: https://en.wikipedia.org/wiki/KonaKart
Affected versions
===================
This vulnerability affects versions of KonaKart Storefront Application prior to 7.3.0.0
Patch
===================
The vendor has released a XSRF fix as part of version 7.3.0.0 at
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
Reported by
===================
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.
Severity
===================
Medium
Description
===================
The existing CSRF protection token was checked for every POST request
properly. When modifying the request from POST method to GET method
all state-changing actions worked as well, but the CSRF token protection
was no longer enforced, allowing CSRF attacks.
Escalation potential
====================
Exploitation demonstration was responsibly provided along with the vulnerability
report to the vendor, which changed a victim's mail address (using the CSRF
protection bypass) to an attacker-supplied mail address, allowing a successful
reset of the victim's account password by the attacker.
Timeline
===================
2014-05-02 Vulnerability discovered
2014-05-02 Vulnerability responsibly reported to vendor
2014-05-02 Reply from vendor acknowledging report
2014-??-?? Vendor released patch as part of version 7.3.0.0
2014-09-20 Advisory published via BugTraq
References
===================
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
http://www.christian-schneider.net/advisories/CVE-2014-5516.txt
`
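The flaw described in the advisory, a token check tied to the HTTP method rather than to the action, is shown below next to one corrected form. This is an added example, not KonaKart code and not the vendor's fix. The `Request` record, the action names (`changeEmail`, `changePassword`, `viewProduct`) and the `csrfToken` parameter name are hypothetical, and rejecting non-POST methods for state-changing actions is an assumption about one reasonable hardening.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class CsrfMethodCheck {
    // Constructed request model (not a KonaKart or servlet API type).
    record Request(String method, String action, Map<String, String> params, String sessionToken) {}

    // Hypothetical action names; a real application enumerates its own state-changing actions.
    static final Set<String> STATE_CHANGING = Set.of("changeEmail", "changePassword");

    // Constant-time comparison of the submitted token with the one bound to the session.
    static boolean tokenValid(Request r) {
        String sent = r.params().get("csrfToken");
        if (sent == null || r.sessionToken() == null) return false;
        return MessageDigest.isEqual(sent.getBytes(StandardCharsets.UTF_8),
                                     r.sessionToken().getBytes(StandardCharsets.UTF_8));
    }

    // Weak pattern from the advisory: the check is keyed on the HTTP method,
    // so a GET reaches the same state-changing handler without any token check.
    static boolean weakCheck(Request r) {
        return !"POST".equals(r.method()) || tokenValid(r);
    }

    // Corrected pattern: the check is keyed on the action. State-changing actions
    // are accepted only as POST with a valid token; read-only actions pass.
    static boolean hardenedCheck(Request r) {
        if (!STATE_CHANGING.contains(r.action())) return true;
        return "POST".equals(r.method()) && tokenValid(r);
    }

    public static void main(String[] args) {
        String token = "constructed-session-token";
        List<Request> samples = List.of(  // constructed sample requests
            new Request("POST", "changeEmail", Map.of("email", "a@example.test", "csrfToken", token), token),
            new Request("POST", "changeEmail", Map.of("email", "a@example.test"), token),
            new Request("GET", "changeEmail", Map.of("email", "a@example.test"), token),
            new Request("GET", "viewProduct", Map.of("id", "42"), token));
        for (Request r : samples) {
            System.out.printf("%-4s %-12s token=%-5b weak=%-5b hardened=%b%n", r.method(), r.action(),
                r.params().containsKey("csrfToken"), weakCheck(r), hardenedCheck(r));
        }
    }
}
```

The third sample row is the case the advisory describes: the two checks disagree only for a token-less GET to a state-changing action. The same comparison can serve as a regression test after upgrading to a fixed release.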