Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-2522

Опубликовано: 26 июл. 2011
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6samba4Not affected
Red Hat Enterprise Linux 4sambaFixedRHSA-2011:121929.08.2011
Red Hat Enterprise Linux 5sambaFixedRHSA-2011:121929.08.2011
Red Hat Enterprise Linux 5samba3xFixedRHSA-2011:122029.08.2011
Red Hat Enterprise Linux 6cifs-utilsFixedRHSA-2011:122129.08.2011
Red Hat Enterprise Linux 6sambaFixedRHSA-2011:122129.08.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=721348(SWAT): Absent CSRF protection in various Samba web configuration formulars

EPSS

Процентиль: 96%
0.3021
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-2522

ubuntu
около 14 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

nvd логотип

CVE-2011-2522

nvd
около 14 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

debian логотип

CVE-2011-2522

debian
около 14 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samb ...

github логотип

GHSA-5cxg-6999-xfwq

github
больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

oracle-oval логотип

ELSA-2011-1220

oracle-oval
почти 14 лет назад

ELSA-2011-1220: samba3x security update (MODERATE)

EPSS

Процентиль: 96%
0.3021
Средний

4.3 Medium

CVSS2