Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-2999
Last Modified: 06 Feb 2013 11:56:24
Published: 04 Oct 2012 03:55:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-2999

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.

Vulnerable Systems

Application

  • Cerberusftp Ftp Server 1.0

  • Cerberusftp Ftp Server 1.01

  • Cerberusftp Ftp Server 1.02

  • Cerberusftp Ftp Server 1.03

  • Cerberusftp Ftp Server 1.05

  • Cerberusftp Ftp Server 1.1

  • Cerberusftp Ftp Server 1.2

  • Cerberusftp Ftp Server 1.22

  • Cerberusftp Ftp Server 1.5

  • Cerberusftp Ftp Server 1.6

  • Cerberusftp Ftp Server 1.7

  • Cerberusftp Ftp Server 1.71

  • Cerberusftp Ftp Server 2.0

  • Cerberusftp Ftp Server 2.01

  • Cerberusftp Ftp Server 2.02

  • Cerberusftp Ftp Server 2.1

  • Cerberusftp Ftp Server 2.11

  • Cerberusftp Ftp Server 2.15

  • Cerberusftp Ftp Server 2.16

  • Cerberusftp Ftp Server 2.2

  • Cerberusftp Ftp Server 2.21

  • Cerberusftp Ftp Server 2.22

  • Cerberusftp Ftp Server 2.23

  • Cerberusftp Ftp Server 2.3

  • Cerberusftp Ftp Server 2.31

  • Cerberusftp Ftp Server 2.32

  • Cerberusftp Ftp Server 2.4

  • Cerberusftp Ftp Server 2.41

  • Cerberusftp Ftp Server 2.42

  • Cerberusftp Ftp Server 2.43

  • Cerberusftp Ftp Server 2.44

  • Cerberusftp Ftp Server 2.45

  • Cerberusftp Ftp Server 2.46

  • Cerberusftp Ftp Server 2.47

  • Cerberusftp Ftp Server 2.48

  • Cerberusftp Ftp Server 2.49

  • Cerberusftp Ftp Server 2.50

  • Cerberusftp Ftp Server 3.0

  • Cerberusftp Ftp Server 3.0.1

  • Cerberusftp Ftp Server 3.0.2

  • Cerberusftp Ftp Server 3.0.3

  • Cerberusftp Ftp Server 3.0.4

  • Cerberusftp Ftp Server 3.0.5

  • Cerberusftp Ftp Server 3.0.6

  • Cerberusftp Ftp Server 3.0.7

  • Cerberusftp Ftp Server 3.0.7.1

  • Cerberusftp Ftp Server 3.0.8

  • Cerberusftp Ftp Server 3.1

  • Cerberusftp Ftp Server 3.1.0.3

  • Cerberusftp Ftp Server 3.1.0.4

  • Cerberusftp Ftp Server 3.1.0.5

  • Cerberusftp Ftp Server 3.1.1

  • Cerberusftp Ftp Server 3.1.2

  • Cerberusftp Ftp Server 3.1.3

  • Cerberusftp Ftp Server 3.1.3.1

  • Cerberusftp Ftp Server 3.1.4

  • Cerberusftp Ftp Server 4.0.0

  • Cerberusftp Ftp Server 4.0.0.11

  • Cerberusftp Ftp Server 4.0.0.6

  • Cerberusftp Ftp Server 4.0.0.8

  • Cerberusftp Ftp Server 4.0.0.9

  • Cerberusftp Ftp Server 4.0.1

  • Cerberusftp Ftp Server 4.0.1.1

  • Cerberusftp Ftp Server 4.0.2

  • Cerberusftp Ftp Server 4.0.2.2

  • Cerberusftp Ftp Server 5.0.0.0

  • Cerberusftp Ftp Server 5.0.0.1

  • Cerberusftp Ftp Server 5.0.0.2

  • Cerberusftp Ftp Server 5.0.0.3

  • Cerberusftp Ftp Server 5.0.0.4

  • Cerberusftp Ftp Server 5.0.0.5

  • Cerberusftp Ftp Server 5.0.0.6

  • Cerberusftp Ftp Server 5.0.0.7

  • Cerberusftp Ftp Server 5.0.1.0

  • Cerberusftp Ftp Server 5.0.1.1

  • Cerberusftp Ftp Server 5.0.1.2

  • Cerberusftp Ftp Server 5.0.2.0

  • Cerberusftp Ftp Server 5.0.3.0

  • Cerberusftp Ftp Server 5.0.3.1

  • Cerberusftp Ftp Server 5.0.4.0

  • Cerberusftp Ftp Server 5.0.4.1

  • Cerberusftp Ftp Server 5.0.4.2

  • Cerberusftp Ftp Server 5.0.4.3


References

CERT-VN - VU#989684

CONFIRM - http://www.cerberusftp.com/products/releasenotes.html

BID - 55788


Last Updated: 27 May 2016 11:00:52