Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1911
Last Modified 31 May 2012 12:00:00
Published 20 Sep 2011 06:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1911

Summary

JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.

Vulnerable Systems

Application

  • Jasperforge Jasperreports Server Community Project 3.7.0

  • Jasperforge Jasperreports Server Community Project 3.7.1


References

CONFIRM - http://www.kb.cert.org/vuls/id/MAPG-8ELLJC

CERT-VN - VU#519588

XF - jasperreports-flowexecutionkey-csrf(69849)

BID - 49649

MISC - http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf

MISC - http://www.csirtcv.gva.es/es/alertas/vulnerabilidad-en-jasperserver.html


Last Updated: 27 May 2016 10:56:52