CVE-2012-1236

Sažetak

Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands.

Reference

http://blog.janetter.net/
http://janetter.net/history.html
http://jvn.jp/en/jp/JVN83459967/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000027
http://secunia.com/advisories/48480

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-06-2012 - 03:41

Objavljeno

19-03-2012 - 21:55