Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-3636
Last Modified: 05 Mar 2012 12:00:00
Published: 08 Dec 2011 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-3636

Summary

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

Vulnerable Systems

Application

  • Redhat Freeipa 0.99

  • Redhat Freeipa 0.99698-20080228

  • Redhat Freeipa 0.99698641-20080218

  • Redhat Freeipa 1.0.0

  • Redhat Freeipa 1.1.0

  • Redhat Freeipa 1.1.1

  • Redhat Freeipa 1.2.0

  • Redhat Freeipa 1.2.1

  • Redhat Freeipa 1.2.2

  • Redhat Freeipa 1.9.0

  • Redhat Freeipa 2.0.0

  • Redhat Freeipa 2.0.1

  • Redhat Freeipa 2.1.0

  • Redhat Freeipa 2.1.1

  • Redhat Freeipa 2.1.2

  • Redhat Freeipa 2.1.3


References

CONFIRM - http://freeipa.org/page/IPAv2_214


Last Updated: 27 May 2016 10:57:44