PRIOn knowledge basePRION:CVE-2008-1654Cross site request forgery (csrf)
7.3 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.9%
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
References
lists.apple.com/archives/security-announce/2008//May/msg00001.html
lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
seclists.org/bugtraq/2008/Jan/0182.html
seclists.org/fulldisclosure/2008/Jan/0204.html
secunia.com/advisories/29763
secunia.com/advisories/29865
secunia.com/advisories/30430
secunia.com/advisories/30507
sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
www.adobe.com/support/security/bulletins/apsb08-11.html
www.gentoo.org/security/en/glsa/glsa-200804-21.xml
www.gnucitizen.org/blog/hacking-the-interwebs/
www.kb.cert.org/vuls/id/347812
www.redhat.com/support/errata/RHSA-2008-0221.html
www.securityfocus.com/bid/28696
www.securitytracker.com/id?1019807
www.us-cert.gov/cas/techalerts/TA08-100A.html
www.us-cert.gov/cas/techalerts/TA08-150A.html
www.vupen.com/english/advisories/2008/1697
www.vupen.com/english/advisories/2008/1724/references
exchange.xforce.ibmcloud.com/vulnerabilities/41718
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435
Related
7.3 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.9%