6 matches found
CVE-2010-2268
Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts...
CVE-2010-2268
CVE-2010-2268 concerns a CSRF vulnerability in the authcfg.cgi component of Accoria Web Server (aka Rock Web Server) 1.4.7. The vulnerability allows remote attackers to hijack administrator authentication and perform actions that create new user accounts. The available documents confirm the affected software/v...
CVE-2010-2270
CVE-2010-2270 affects Accoria Web Server (Rock Web Server) 1.4.7. The vulnerability is due to a predictable httpmod-sessionid cookie used for session management, enabling remote attackers to hijack sessions via a modified cookie. Root cause: predictable session identifiers in the server’s cookie ...
CVE-2010-2267
CVE-2010-2267 affects Accoria Web Server (aka Rock Web Server) 1.4.7. The vulnerability is described as multiple cross-site scripting (XSS) flaws, exploitable by remote attackers to inject arbitrary web script or HTML via: (1) the query string to the getenv sample program, (2) the desc parameter ...
CVE-2010-2271
CVE-2010-2271 concerns the Accoria Web Server (aka Rock Web Server) version 1.4.7, where a format string vulnerability exists in the file/auth module: authcfg.cgi. The root cause is improper handling of user-supplied format string specifiers in the Password File path parameter, which could allow ...
US CERT: Rock Web Server Has XSS Vulns
The Accoria web server, also known as Rock Web Server, contains several cross-site scripting (XSS) and cross-site request forgery (XSRF) vulnerabilities. Read the full advisory. Department of Homeland Security...