NASLDB: Debian DSA-2510-1 : extplorer - Cross-site request forgery
General
ID: 59961
Name: Debian DSA-2510-1 : extplorer – Cross-site request forgery
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
John Leitch has discovered a vulnerability in eXtplorer, a very
feature rich web server file manager, which can be exploited by
malicious people to conduct cross-site request forgery attacks.
The vulnerability allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the request.
This can be exploited for example, to create an administrative user
account by tricking an logged administrator to visiting an
attacker-defined web link.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-3362
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/07/12
Plugin Release: 2012/07/13
Plugin
Version: 1.2
Filename: debian_DSA-2510.nasl
Filesize: 3114 bytes
MD5 Hash: c9c691c209e442e99688e669f959235e
Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"
Copyright: This script is© 2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack