Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2012-2316
Last Modified 10 Sep 2012 02:25:55
Published 09 Sep 2012 05:55:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2316

Summary

Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp.

Vulnerable Systems

Application

  • OpenKM 5.1.7

  • OpenKM 5.1.8


References

OSVDB - 78106

MLIST - [oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

MLIST - [oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

MLIST - [oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

MLIST - [oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

CONFIRM - http://wiki.openkm.com/index.php/Changelog

SECUNIA - 47420

CONFIRM - http://openkm.svn.sourceforge.net/viewvc/openkm?view=revision&revision=7406

BUGTRAQ - 20120103 OpenKM 5.1.7 OS Command Execution (XSRF based)


Last Updated: 27 May 2016 11:00:32