Vulnerability Name: | CVE-2013-7107 (CCN-89800) |
Assigned: | 2013-12-16 |
Published: | 2013-12-16 |
Updated: | 2014-03-06 |
Summary: | Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
|
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
CVSS v2 Severity (CCN): | 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
|
Vulnerability Type: | CWE-352
|
Vulnerability Consequences: | Cross-Site Scripting |
References: | Source: MITRE Type: CNA CVE-2013-7107
Source: SUSE Type: UNKNOWN openSUSE-SU-2014:0269
Source: CCN Type: oss-sec Mailing List, Mon, 16 Dec 2013 21:22:40 +0100 Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)
Source: CCN Type: SA55990 Icinga Cross-Site Request Forgery Vulnerability
Source: CCN Type: Icinga Web site Home - Icinga: Open Source Monitoring
Source: MLIST Type: UNKNOWN [oss-security] 20131216 Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)
Source: CCN Type: OSVDB ID: 101021 Icinga Web Interface Multiple Admin Function CSRF
Source: CCN Type: BID-64370 Icinga CVE-2013-7107 Cross Site Request Forgery Vulnerability
Source: MISC Type: Vendor Advisory https://dev.icinga.org/issues/5250
Source: CONFIRM Type: Vendor Advisory https://dev.icinga.org/issues/5346
Source: XF Type: UNKNOWN icinga-cve20137107-csrf(89800)
Source: CONFIRM Type: Vendor Advisory https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-7107
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:icinga:icinga:0.8.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:0.8.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:0.8.2:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:0.8.3:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:0.8.4:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.0:rc1:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.2.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.2.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.3.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.3.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.4.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.4.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.6.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.6.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.6.2:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.7.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.7.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.7.2:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.7.3:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.7.4:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.8.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.8.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.8.2:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.8.3:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.8.4:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.8.5:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.9.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.9.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.9.2:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.9.3:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.9.4:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.10.0:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.10.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:*:*:*:*:*:*:*:* (Version <= 1.10.2)
Configuration CCN 1:
cpe:/a:icinga:icinga:1.8.4:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.10.1:*:*:*:*:*:*:*
OR cpe:/a:icinga:icinga:1.9.3:*:*:*:*:*:*:* |