Lucene search

PRIOn knowledge basePRION:CVE-2009-1434

HistoryApr 30, 2009 - 8:30 p.m.

Cross site request forgery (csrf)

2009-04-3020:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.

CPENameOperatorVersion
foswikieq1.0.0
foswikieq1.0.2
foswikieq1.0.3
foswikieq1.0.1
foswikile1.0.4

Name	Operator	Version
foswiki	eq	1.0.0
foswiki	eq	1.0.2
foswiki	eq	1.0.3
foswiki	eq	1.0.1
foswiki	le	1.0.4

References

foswiki.org/Support/SecurityAlert-CVE-2009-1434

osvdb.org/54148

secunia.com/advisories/34863

sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk&forum_name=foswiki-announce

exchange.xforce.ibmcloud.com/vulnerabilities/50256

launchpad.net/bugs/cve/2009-1434

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for PRION:CVE-2009-1434