Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6342

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-6342
Last Modified 19 May 2014 11:57:31
Published 13 May 2014 10:55:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6342

Summary

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment.

Vulnerable Systems

Application

  • Atlassian Confluence 3.4.6


References

BUGTRAQ - 20120920 [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities

MISC - http://www.halock.com/blog/cve-2012-6342-atlassian-confluence-multiple-cross-site-request-forgery-csrf-vulnerabilities

MISC - http://packetstormsecurity.com/files/116829/Atlassian-Confluence-3.0-Cross-Site-Request-Forgery.html

BUGTRAQ - 20130116 Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities


Last Updated: 27 May 2016 11:05:12