PRIOn knowledge basePRION:CVE-2009-4273Cross site request forgery (csrf)
7.4 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.099 Low
EPSS
Percentile
94.7%
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
References
lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
secunia.com/advisories/38154
secunia.com/advisories/38216
secunia.com/advisories/38765
secunia.com/advisories/39656
sourceware.org/bugzilla/show_bug.cgi?id=11105
sourceware.org/ml/systemtap/2010-q1/msg00142.html
sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz
www.redhat.com/support/errata/RHSA-2010-0124.html
www.vupen.com/english/advisories/2010/0169
www.vupen.com/english/advisories/2010/1001
bugzilla.redhat.com/show_bug.cgi?id=550172
lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html
lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html
lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417
Related
7.4 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.099 Low
EPSS
Percentile
94.7%