CVE-2011-0910

EPSS 0.24%
Veröffentlicht 08.02.2011 21:00:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vanillaforums ≫ Vanilla Version <= 2.0.17.5

Vanillaforums ≫ Vanilla Version2.0.9

Vanillaforums ≫ Vanilla Version2.0.10

Vanillaforums ≫ Vanilla Version2.0.11

Vanillaforums ≫ Vanilla Version2.0.12

Vanillaforums ≫ Vanilla Version2.0.13

Vanillaforums ≫ Vanilla Version2.0.14

Vanillaforums ≫ Vanilla Version2.0.15

Vanillaforums ≫ Vanilla Version2.0.16

Vanillaforums ≫ Vanilla Version2.0.17

Vanillaforums ≫ Vanilla Version2.0.17.1

Vanillaforums ≫ Vanilla Version2.0.17.2

Vanillaforums ≫ Vanilla Version2.0.17.3

Vanillaforums ≫ Vanilla Version2.0.17.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.447

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729

https://nvd.nist.gov/vuln/detail/CVE-2011-0910

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-0910

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-0910

EUVD