6.8
CVE-2011-2522
- EPSS 10.05%
- Veröffentlicht 29.07.2011 20:55:02
- Zuletzt bearbeitet 16.06.2026 23:31:30
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Canonical ≫ Ubuntu Linux Version11.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.05% | 0.95 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://jvn.jp/en/jp/JVN29529126/index.html
http://marc.info/?l=bugtraq&m=133527864025056&w=2
http://osvdb.org/74071
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securityreason.com/securityalert/8317
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.exploit-db.com/exploits/17577
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2522
http://www.securityfocus.com/bid/48899
https://bugzilla.redhat.com/show_bug.cgi?id=721348
https://bugzilla.samba.org/show_bug.cgi?id=8290
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843