Cross site request forgery (csrf)

2007-01-1205:04:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.0%

JSON

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

CPENameOperatorVersion
direct_web_remotingeq1.0
direct_web_remotingeq0.8
direct_web_remotingeq1.1.2
direct_web_remotingeq1.1.0
direct_web_remotingeq0.9
direct_web_remotingeq0.7
direct_web_remotingeq1.1.1
direct_web_remotingle1.1.3

Name	Operator	Version
direct_web_remoting	eq	1.0
direct_web_remoting	eq	0.8
direct_web_remoting	eq	1.1.2
direct_web_remoting	eq	1.1.0
direct_web_remoting	eq	0.9
direct_web_remoting	eq	0.7
direct_web_remoting	eq	1.1.1
direct_web_remoting	le	1.1.3