CVE-2016-6521

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2016/08/02/11
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/02/2
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/03/9
Third Party Advisory
http://www.securityfocus.com/bid/92267
https://github.com/sheehan/grails-console/issues/54
Exploit
Vendor Advisory
https://github.com/sheehan/grails-console/issues/55
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/08/02/11
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/02/2
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/03/9
Third Party Advisory
http://www.securityfocus.com/bid/92267
https://github.com/sheehan/grails-console/issues/54
Exploit
Vendor Advisory
https://github.com/sheehan/grails-console/issues/55
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gopivotal:grails:*:*:*:*:*:*:*:*

Версия до 1.5.9 (включая)

cpe:2.3:a:gopivotal:grails:2.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00286

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2016-6521

CVSS3: 8.8

debian

около 9 лет назад

Cross-site request forgery (CSRF) vulnerability in Grails console (aka ...

GHSA-gw3r-3j9r-9c6f

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 52%

0.00286

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352