exploitDog

CVE-2013-6443

Опубликовано: 14 янв. 2014

Источник: redhat

CVSS2: 3.5

EPSS Низкий

Описание

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-352

https://bugzilla.redhat.com/show_bug.cgi?id=1044178CFME: GET request CSRF vulnerability

EPSS

Процентиль: 27%

0.00095

Низкий

3.5 Low

CVSS2

Связанные уязвимости

CVE-2013-6443

nvd

около 12 лет назад

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

GHSA-vvp8-xf2f-vgc6

github

больше 3 лет назад

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

EPSS

Процентиль: 27%

0.00095

Низкий

3.5 Low

CVSS2