Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1364
Last Modified 14 Dec 2011 10:53:26
Published 30 Oct 2011 03:55:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1364

Summary

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

Vulnerable Systems

Application

  • Google App Engine Python Sdk 1.0.1

  • Google App Engine Python Sdk 1.0.2

  • Google App Engine Python Sdk 1.1.0

  • Google App Engine Python Sdk 1.1.1

  • Google App Engine Python Sdk 1.1.2

  • Google App Engine Python Sdk 1.1.3

  • Google App Engine Python Sdk 1.1.4

  • Google App Engine Python Sdk 1.1.5

  • Google App Engine Python Sdk 1.1.6

  • Google App Engine Python Sdk 1.1.7

  • Google App Engine Python Sdk 1.1.8

  • Google App Engine Python Sdk 1.1.9

  • Google App Engine Python Sdk 1.2.0

  • Google App Engine Python Sdk 1.2.1

  • Google App Engine Python Sdk 1.2.2

  • Google App Engine Python Sdk 1.2.3

  • Google App Engine Python Sdk 1.2.4

  • Google App Engine Python Sdk 1.2.5

  • Google App Engine Python Sdk 1.2.6

  • Google App Engine Python Sdk 1.2.7

  • Google App Engine Python Sdk 1.3.0

  • Google App Engine Python Sdk 1.3.1

  • Google App Engine Python Sdk 1.3.2

  • Google App Engine Python Sdk 1.3.3

  • Google App Engine Python Sdk 1.3.4

  • Google App Engine Python Sdk 1.3.5

  • Google App Engine Python Sdk 1.3.6

  • Google App Engine Python Sdk 1.3.7

  • Google App Engine Python Sdk 1.3.8

  • Google App Engine Python Sdk 1.4.0

  • Google App Engine Python Sdk 1.4.1

  • Google App Engine Python Sdk 1.4.2

  • Google App Engine Python Sdk 1.4.3

  • Google App Engine Python Sdk 1.5.0

  • Google App Engine Python Sdk 1.5.1

  • Google App Engine Python Sdk 1.5.2

  • Google App Engine Python Sdk 1.5.3


References

MISC - http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes

XF - google-app-engine-csrf(69958)

MISC - http://blog.watchfire.com/files/googleappenginesdk.pdf

BID - 50075


Last Updated: 27 May 2016 10:57:52