CVE-2015-5395

Опубликовано: 20 сент. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

Ссылки

http://www.openwall.com/lists/oss-security/2015/07/10/9
Mailing List
Third Party Advisory
https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711
Patch
Third Party Advisory
https://lists.debian.org/debian-lts/2016/05/msg00197.html
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2015-5395/
Patch
Third Party Advisory
https://sogo.nu/bugs/view.php?id=3246
Exploit
Issue Tracking
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/10/9
Mailing List
Third Party Advisory
https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711
Patch
Third Party Advisory
https://lists.debian.org/debian-lts/2016/05/msg00197.html
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2015-5395/
Patch
Third Party Advisory
https://sogo.nu/bugs/view.php?id=3246
Exploit
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*

Версия до 3.1.0 (исключая)

EPSS

Процентиль: 58%

0.00363

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2015-5395

CVSS3: 8.8

ubuntu

больше 8 лет назад

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

CVE-2015-5395

CVSS3: 8.8

debian

больше 8 лет назад

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

GHSA-79jp-f6c4-wq28

CVSS3: 8.8

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

EPSS

Процентиль: 58%

0.00363

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352