CVE-2010-2594

EPSS 0.18%
Veröffentlicht 02.07.2010 12:43:52
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intersect Alliance ≫ Snare Agent Version <= 3.2.3

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.0

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.1

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.3

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.4

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.5

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.5.2

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.5.3

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.5.4

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.5.6

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version2.5.7

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version3.0.0

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version3.1.0

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version3.2.0

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version3.2.1

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version3.2.2

Sun ≫ Solaris

Intersect Alliance ≫ Snare Agent Version <= 3.1.7

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version3.0.0

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version3.1.0

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version3.1.2

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version3.1.3

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version3.1.4

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version3.1.5

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version3.1.6

   Microsoft ≫ Windows 2000
   Microsoft ≫ Windows 2003 Server
   Microsoft ≫ Windows Xp

Intersect Alliance ≫ Snare Agent Version <= 1.5.0

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version0.9.2

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version0.9.6

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version0.9.7

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version0.9.7a

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version0.9.8

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version1.0

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version1.1

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version1.2

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version1.3

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version1.4

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version1.4.1

Linux ≫ Linux Kernel Version-

Intersect Alliance ≫ Snare Agent Version <= 1.4

Sgi ≫ Irix

Intersect Alliance ≫ Snare Agent Version1.0

Sgi ≫ Irix

Intersect Alliance ≫ Snare Agent Version1.2

Sgi ≫ Irix

Intersect Alliance ≫ Snare Agent Version1.3

Sgi ≫ Irix

Intersect Alliance ≫ Snare Epilog Version <= 1.5.3

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.1

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.2

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.3

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.3.1

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.3.3

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.4.0

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.5.0

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.5.1

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version1.5.2

Microsoft ≫ Windows

Intersect Alliance ≫ Snare Epilog Version <= 1.2

Unix ≫ Unix

Intersect Alliance ≫ Snare Epilog Version1.1

Unix ≫ Unix

Intersect Alliance ≫ Snare Agent Version <= 1.5.0

Ibm ≫ Aix

Intersect Alliance ≫ Snare Agent Version1.0

Ibm ≫ Aix

Intersect Alliance ≫ Snare Agent Version1.2

Ibm ≫ Aix

Intersect Alliance ≫ Snare Agent Version1.3

Ibm ≫ Aix

Intersect Alliance ≫ Snare Agent Version1.4

Ibm ≫ Aix

Intersect Alliance ≫ Snare Agent Version <= 1.1.4

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Server 2008 Version-
   Microsoft ≫ Windows Vista

Intersect Alliance ≫ Snare Agent Version1.0

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Server 2008 Version-
   Microsoft ≫ Windows Vista

Intersect Alliance ≫ Snare Agent Version1.0.1

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Server 2008 Version-
   Microsoft ≫ Windows Vista

Intersect Alliance ≫ Snare Agent Version1.1.0

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Server 2008 Version-
   Microsoft ≫ Windows Vista

Intersect Alliance ≫ Snare Agent Version1.1.1

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Server 2008 Version-
   Microsoft ≫ Windows Vista

Intersect Alliance ≫ Snare Agent Version1.1.2

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Server 2008 Version-
   Microsoft ≫ Windows Vista

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.397

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://holisticinfosec.org/content/view/144/45/

Third Party Advisory

http://secunia.com/advisories/39562

Broken Link

http://www.kb.cert.org/vuls/id/173009

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/41226

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2010-2594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2594

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2010-2594