Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4053

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-4053
Last Modified 26 Jul 2012 12:00:00
Published 25 Jul 2012 03:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4053

Summary

Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vulnerable Systems

Application

  • Ez Publish 4.1

  • Ez Publish 4.2

  • Ez Publish 4.3


References

XF - ezpublish-ezoe-csrf(76811)

CONFIRM - http://share.ez.no/community-project/security-advisories/ezsa-2012-009-ezoe-flash-player-csrf-security-issues

SECUNIA - 49812

OSVDB - 83676


Last Updated: 27 May 2016 10:54:58