Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-7259
Last Modified 04 Aug 2014 05:42:45
Published 29 Apr 2014 10:38:47
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7259

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.

Vulnerable Systems

Application

  • Neo4j 1.9.2


References

MISC - https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j

MLIST - [oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate

MLIST - [oss-security] 20140103 Neo4J CSRF: Potential CVE candidate

MISC - http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html


Last Updated: 27 May 2016 11:05:08