PT-2010-3854 · Accoria · Accoria Web Server
Ilja Van Sprundel
·
Publicado
2010-06-14
·
Atualizado
2010-06-16
·
CVE-2010-2268
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Accoria Web Server (aka Rock Web Server) version 1.4.7
Description
A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack administrator authentication for requests that create user accounts.
Recommendations
For Accoria Web Server (aka Rock Web Server) version 1.4.7, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to the authcfg.cgi script to minimize the risk of exploitation.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Accoria Web Server