9 matches found
KLA10332 OSI vulnerability in Snare
Weak keying material was found in Snare Agent. By exploiting this vulnerability malicious users can obtain and modify sensitive information. This vulnerability can be exploited remotely via MITM, at a point related to OpenSSL. Original advisories Snare Agent changelog Related products Snare CVE...
Snare Agent Detection
The remote web server contains a Snare Agent installation used for auditing and analysis of system events. The agent includes an optionally configured embedded web server used to configure rules for event monitoring. C Tenable Network Security, Inc. include"compat.inc"; if description...
Snare Agent for Linux < 1.7.0 / 2.0.0 Multiple Vulnerabilities
According to its self-reported version number, the installation of Snare Agent for Linux hosted on the remote web server is affected by multiple vulnerabilities in the optionally configured web interface: - The web interface discloses a hashed password for remote logins. An attacker can view the...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5....
KLA10331 SB vulnerability in Snare
A CSRF vulnerability was found in Snare. By exploiting this vulnerability malicious users can hijack administrator auth. This vulnerability can be exploited remotely. Original advisories - Related products Snare-for-Windows Epilog-for-Windows CVE list CVE-2010-2594 high Solution Update to latest...
CVE-2010-2594
The CVE-2010-2594 issue affects InterSect Alliance Snare Agent and Epilog products across Solaris, Windows, Linux/AIX, IRIX and UNIX variants. Description and connected records confirm multiple CSRF vulnerabilities in the web management interface that allow remote attackers to hijack administrato...
CVE-2010-2594
Multiple cross-site request forgery CSRF vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5....
PT-2010-4133 · Ibm +6 · Aix +7
Name of the Vulnerable Software and Affected Versions: InterSect Alliance Snare Agent versions 3.2.3 and earlier on Solaris InterSect Alliance Snare Agent versions 3.1.7 and earlier on Windows InterSect Alliance Snare Agent versions 1.5.0 and earlier on Linux and AIX InterSect Alliance Snare Agen...
Snare Agent web interface cross-site request forgery vulnerabilities
Overview The Snare Agent web interface is susceptible to cross-site request forgery attacks. Description The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and a...