CVE-2009-1339

Exploit

EPSS 0.36%
Veröffentlicht 30.04.2009 20:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Twiki ≫ Twiki Version <= 4.3.0

Twiki ≫ Twiki Version4.1.2

Twiki ≫ Twiki Version4.2.0

Twiki ≫ Twiki Version4.2.1

Twiki ≫ Twiki Version4.2.2

Twiki ≫ Twiki Version4.2.3

Twiki ≫ Twiki Version4.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.575

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://bugs.debian.org/526258

http://secunia.com/advisories/34880

Vendor Advisory

http://securitytracker.com/id?1022146

Patch

http://sourceforge.net/mailarchive/forum.php?thread_name=7E0723DC-CBFF-4DBD-B26C-8686287FF689%40twiki.net&forum_name=twiki-announce

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339

Vendor Advisory

http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt

Exploit

http://www.nabble.com/Bug-526258:-CVE-2009-1339:-CSRF-Vulnerability-with-Image-Tag-td23311575.html

http://www.vupen.com/english/advisories/2009/1217