4.3

CVE-2008-1654

Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.8% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/30430
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
US Government Resource
http://www.vupen.com/english/advisories/2008/1697
http://secunia.com/advisories/30507
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://www.vupen.com/english/advisories/2008/1724/references
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
http://secunia.com/advisories/29763
Vendor Advisory
http://secunia.com/advisories/29865
http://www.adobe.com/support/security/bulletins/apsb08-11.html
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
http://www.redhat.com/support/errata/RHSA-2008-0221.html
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
US Government Resource
http://seclists.org/bugtraq/2008/Jan/0182.html
http://seclists.org/fulldisclosure/2008/Jan/0204.html
http://www.gnucitizen.org/blog/hacking-the-interwebs/
http://www.kb.cert.org/vuls/id/347812
US Government Resource
http://www.securityfocus.com/bid/28696
http://www.securitytracker.com/id?1019807
https://exchange.xforce.ibmcloud.com/vulnerabilities/41718
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435