5.1

CVE-2013-0214

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.6.0
SambaSamba Version3.6.1
SambaSamba Version3.6.2
SambaSamba Version3.6.3
SambaSamba Version3.6.4
SambaSamba Version3.6.5
SambaSamba Version3.6.6
SambaSamba Version3.6.7
SambaSamba Version3.6.8
SambaSamba Version3.6.9
SambaSamba Version3.6.10
SambaSamba Version3.6.11
SambaSamba Version4.0.0
SambaSamba Version4.0.1
SambaSamba Version3.0.0
SambaSamba Version3.0.1
SambaSamba Version3.0.2
SambaSamba Version3.0.2 Updatea
SambaSamba Version3.0.2a
SambaSamba Version3.0.3
SambaSamba Version3.0.4
SambaSamba Version3.0.4 Updaterc1
SambaSamba Version3.0.5
SambaSamba Version3.0.6
SambaSamba Version3.0.7
SambaSamba Version3.0.8
SambaSamba Version3.0.9
SambaSamba Version3.0.10
SambaSamba Version3.0.11
SambaSamba Version3.0.12
SambaSamba Version3.0.13
SambaSamba Version3.0.14
SambaSamba Version3.0.14 Updatea
SambaSamba Version3.0.14a
SambaSamba Version3.0.15
SambaSamba Version3.0.16
SambaSamba Version3.0.17
SambaSamba Version3.0.18
SambaSamba Version3.0.19
SambaSamba Version3.0.20
SambaSamba Version3.0.20 Updatea
SambaSamba Version3.0.20 Updateb
SambaSamba Version3.0.20a
SambaSamba Version3.0.20b
SambaSamba Version3.0.21
SambaSamba Version3.0.21 Updatea
SambaSamba Version3.0.21 Updateb
SambaSamba Version3.0.21 Updatec
SambaSamba Version3.0.21a
SambaSamba Version3.0.21b
SambaSamba Version3.0.21c
SambaSamba Version3.0.22
SambaSamba Version3.0.23
SambaSamba Version3.0.23 Updatea
SambaSamba Version3.0.23 Updateb
SambaSamba Version3.0.23 Updatec
SambaSamba Version3.0.23 Updated
SambaSamba Version3.0.23a
SambaSamba Version3.0.23b
SambaSamba Version3.0.23c
SambaSamba Version3.0.23d
SambaSamba Version3.0.24
SambaSamba Version3.0.25
SambaSamba Version3.0.25 Updatea
SambaSamba Version3.0.25 Updateb
SambaSamba Version3.0.25 Updatec
SambaSamba Version3.0.25 Updatepre1
SambaSamba Version3.0.25 Updatepre2
SambaSamba Version3.0.25 Updaterc1
SambaSamba Version3.0.25 Updaterc2
SambaSamba Version3.0.25 Updaterc3
SambaSamba Version3.0.25a
SambaSamba Version3.0.25b
SambaSamba Version3.0.25c
SambaSamba Version3.0.26
SambaSamba Version3.0.26 Updatea
SambaSamba Version3.0.26a
SambaSamba Version3.0.27
SambaSamba Version3.0.27 Updatea
SambaSamba Version3.0.28
SambaSamba Version3.0.28 Updatea
SambaSamba Version3.0.29
SambaSamba Version3.0.30
SambaSamba Version3.0.31
SambaSamba Version3.0.32
SambaSamba Version3.0.33
SambaSamba Version3.0.34
SambaSamba Version3.0.35
SambaSamba Version3.0.36
SambaSamba Version3.0.37
SambaSamba Version3.1.0
SambaSamba Version3.2.0
SambaSamba Version3.2.1
SambaSamba Version3.2.2
SambaSamba Version3.2.3
SambaSamba Version3.2.4
SambaSamba Version3.2.5
SambaSamba Version3.2.6
SambaSamba Version3.2.7
SambaSamba Version3.2.8
SambaSamba Version3.2.9
SambaSamba Version3.2.10
SambaSamba Version3.2.11
SambaSamba Version3.2.12
SambaSamba Version3.2.13
SambaSamba Version3.2.14
SambaSamba Version3.2.15
SambaSamba Version3.3.0
SambaSamba Version3.3.1
SambaSamba Version3.3.2
SambaSamba Version3.3.3
SambaSamba Version3.3.4
SambaSamba Version3.3.5
SambaSamba Version3.3.6
SambaSamba Version3.3.7
SambaSamba Version3.3.8
SambaSamba Version3.3.9
SambaSamba Version3.3.10
SambaSamba Version3.3.11
SambaSamba Version3.3.12
SambaSamba Version3.3.13
SambaSamba Version3.3.14
SambaSamba Version3.3.15
SambaSamba Version3.3.16
SambaSamba Version3.4.0
SambaSamba Version3.4.1
SambaSamba Version3.4.2
SambaSamba Version3.4.3
SambaSamba Version3.4.4
SambaSamba Version3.4.5
SambaSamba Version3.4.6
SambaSamba Version3.4.7
SambaSamba Version3.4.8
SambaSamba Version3.4.9
SambaSamba Version3.4.10
SambaSamba Version3.4.11
SambaSamba Version3.4.12
SambaSamba Version3.4.13
SambaSamba Version3.4.14
SambaSamba Version3.4.15
SambaSamba Version3.4.16
SambaSamba Version3.4.17
SambaSamba Version3.5.0
SambaSamba Version3.5.1
SambaSamba Version3.5.2
SambaSamba Version3.5.3
SambaSamba Version3.5.4
SambaSamba Version3.5.5
SambaSamba Version3.5.6
SambaSamba Version3.5.7
SambaSamba Version3.5.8
SambaSamba Version3.5.9
SambaSamba Version3.5.10
SambaSamba Version3.5.11
SambaSamba Version3.5.12
SambaSamba Version3.5.13
SambaSamba Version3.5.14
SambaSamba Version3.5.15
SambaSamba Version3.5.16
SambaSamba Version3.5.17
SambaSamba Version3.5.18
SambaSamba Version3.5.19
SambaSamba Version3.5.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.91% 0.771
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://rhn.redhat.com/errata/RHSA-2013-1542.html
http://rhn.redhat.com/errata/RHSA-2014-0305.html
http://www.debian.org/security/2013/dsa-2617
http://www.securityfocus.com/bid/57631
http://www.ubuntu.com/usn/USN-2922-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
http://osvdb.org/89627
http://www.samba.org/samba/security/CVE-2013-0214
Vendor Advisory