6.8

CVE-2010-2594

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Intersect AllianceSnare Agent Version <= 3.2.3
   SunSolaris
Intersect AllianceSnare Agent Version2.0
   SunSolaris
Intersect AllianceSnare Agent Version2.1
   SunSolaris
Intersect AllianceSnare Agent Version2.3
   SunSolaris
Intersect AllianceSnare Agent Version2.4
   SunSolaris
Intersect AllianceSnare Agent Version2.5
   SunSolaris
Intersect AllianceSnare Agent Version2.5.2
   SunSolaris
Intersect AllianceSnare Agent Version2.5.3
   SunSolaris
Intersect AllianceSnare Agent Version2.5.4
   SunSolaris
Intersect AllianceSnare Agent Version2.5.6
   SunSolaris
Intersect AllianceSnare Agent Version2.5.7
   SunSolaris
Intersect AllianceSnare Agent Version3.0.0
   SunSolaris
Intersect AllianceSnare Agent Version3.1.0
   SunSolaris
Intersect AllianceSnare Agent Version3.2.0
   SunSolaris
Intersect AllianceSnare Agent Version3.2.1
   SunSolaris
Intersect AllianceSnare Agent Version3.2.2
   SunSolaris
Intersect AllianceSnare Agent Version <= 1.5.0
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version0.9.2
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version0.9.6
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version0.9.7
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version0.9.7a
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version0.9.8
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version1.0
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version1.1
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version1.2
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version1.3
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version1.4
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version1.4.1
   LinuxLinux Kernel Version-
Intersect AllianceSnare Agent Version <= 1.4
   SgiIrix
Intersect AllianceSnare Agent Version1.0
   SgiIrix
Intersect AllianceSnare Agent Version1.2
   SgiIrix
Intersect AllianceSnare Agent Version1.3
   SgiIrix
Intersect AllianceSnare Epilog Version <= 1.5.3
   MicrosoftWindows
Intersect AllianceSnare Epilog Version1.3.1
   MicrosoftWindows
Intersect AllianceSnare Epilog Version1.3.3
   MicrosoftWindows
Intersect AllianceSnare Epilog Version1.4.0
   MicrosoftWindows
Intersect AllianceSnare Epilog Version1.5.0
   MicrosoftWindows
Intersect AllianceSnare Epilog Version1.5.1
   MicrosoftWindows
Intersect AllianceSnare Epilog Version1.5.2
   MicrosoftWindows
Intersect AllianceSnare Epilog Version <= 1.2
   UnixUnix
Intersect AllianceSnare Epilog Version1.1
   UnixUnix
Intersect AllianceSnare Agent Version <= 1.5.0
   IbmAix
Intersect AllianceSnare Agent Version1.0
   IbmAix
Intersect AllianceSnare Agent Version1.2
   IbmAix
Intersect AllianceSnare Agent Version1.3
   IbmAix
Intersect AllianceSnare Agent Version1.4
   IbmAix
Intersect AllianceSnare Agent Version <= 1.1.4
Intersect AllianceSnare Agent Version1.0.1
Intersect AllianceSnare Agent Version1.1.0
Intersect AllianceSnare Agent Version1.1.1
Intersect AllianceSnare Agent Version1.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.47% 0.704
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://holisticinfosec.org/content/view/144/45/
Third Party Advisory
http://secunia.com/advisories/39562
Broken Link
http://www.kb.cert.org/vuls/id/173009
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/41226
Third Party Advisory
VDB Entry