Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2010-5085
Last Modified: 29 Feb 2012 12:00:00
Published: 14 Feb 2012 03:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2010-5085

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.

Vulnerable Systems

Application

  • Hulihanapplications Amethyst 0.1.5


References

XF - amethyst-update-csrf(60947)

VUPEN - ADV-2010-2022

OSVDB - 67043

MISC - http://www.htbridge.ch/advisory/xsrf_csrf_in_amethyst.html

SECUNIA - 40874

BUGTRAQ - 20100805 XSRF (CSRF) in Amethyst

CONFIRM - http://dev.hulihanapplications.com/issues/show/208


Last Updated: 27 May 2016 10:56:28