CVE-2009-4139

EPSS 0.17%
Veröffentlicht 27.07.2011 02:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that (1) disable the current user account, (2) add user accounts, or (3) modify user accounts to have administrator privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Network Satellite Server Version5.3.0

Redhat ≫ Network Satellite Server Version5.4.0

Redhat ≫ Network Satellite Server Version5.4.1

Redhat ≫ Spacewalk-java Version1.2.39

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.355

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://securitytracker.com/id?1025674

http://www.redhat.com/support/errata/RHSA-2011-0879.html

Patch

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=529483

https://exchange.xforce.ibmcloud.com/vulnerabilities/68074

https://nvd.nist.gov/vuln/detail/CVE-2009-4139

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-4139

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-4139

EUVD