Cross site request forgery (csrf)

2007-01-0321:28:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.932 High

EPSS

Percentile

99.0%

JSON

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka “Universal CSRF and session riding.”

CPENameOperatorVersion
acrobateq7.0.6 professional
acrobateq7.0 professional
acrobateq7.0 standard
acrobateq7.0.5 standard
acrobatle7.0.8
acrobateq7.0.3 standard
acrobateq7.0.4 standard
acrobateq7.0.6 standard
acrobateq7.0.5 professional
acrobateq7.0.2 professional

Name	Operator	Version
acrobat	eq	7.0.6 professional
acrobat	eq	7.0 professional
acrobat	eq	7.0 standard
acrobat	eq	7.0.5 standard
acrobat	le	7.0.8
acrobat	eq	7.0.3 standard
acrobat	eq	7.0.4 standard
acrobat	eq	7.0.6 standard
acrobat	eq	7.0.5 professional
acrobat	eq	7.0.2 professional