CVE-2016-4311

Опубликовано: 17 фев. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.

Ссылки

http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/539199/100/0/threaded
http://www.securityfocus.com/bid/92485
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40239/
Exploit
Third Party Advisory
VDB Entry
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096
Patch
Vendor Advisory
http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/539199/100/0/threaded
http://www.securityfocus.com/bid/92485
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40239/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wso2:identity_server:5.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.0028

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-839c-vxrv-chvh