Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2010-5079
Last Modified 18 Sep 2012 12:00:00
Published 17 Sep 2012 01:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-5079

Summary

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.

Vulnerable Systems

Application

  • Silverstripe 2.3.0
  • Silverstripe 2.3.1
  • Silverstripe 2.3.2
  • Silverstripe 2.3.3
  • Silverstripe 2.3.4
  • Silverstripe 2.3.5
  • Silverstripe 2.3.6
  • Silverstripe 2.3.7
  • Silverstripe 2.3.8
  • Silverstripe 2.3.9
  • Silverstripe 2.4.0
  • Silverstripe 2.4.1
  • Silverstripe 2.4.2
  • Silverstripe 2.4.3


References

MLIST - [oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4
MLIST - [oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4
MLIST - [oss-security] 20120430 CVE-request: SilverStripe before 2.4.4
MLIST - [oss-security] 20110104 CVE request: silverstripe before 2.4.4
CONFIRM - http://open.silverstripe.org/changeset/114505
CONFIRM - http://open.silverstripe.org/changeset/114504
CONFIRM - http://open.silverstripe.org/changeset/114503
CONFIRM - http://open.silverstripe.org/changeset/114498
CONFIRM - http://open.silverstripe.org/changeset/114497
CONFIRM - http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4
CONFIRM - http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10


Last Updated: 27 May 2016 11:00:43