CVE-2012-3362 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
extplorer	extplorer	𝑥 ≤ 2.1.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

extplorer

zesty	dne
yakkety	dne
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	not-affected
precise	ignored
oneiric	ignored
natty	Fixed 2.1.0b6+dfsg.2-1+squeeze1build0.11.04.1 released
lucid	dne
hardy	dne

Known Exploits!

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html

http://www.debian.org/security/2012/dsa-2510

http://www.openwall.com/lists/oss-security/2012/06/24/1

http://www.openwall.com/lists/oss-security/2012/06/25/1

http://www.openwall.com/lists/oss-security/2012/06/26/1

http://www.openwall.com/lists/oss-security/2012/06/27/1

http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html

http://www.debian.org/security/2012/dsa-2510

http://www.openwall.com/lists/oss-security/2012/06/24/1

http://www.openwall.com/lists/oss-security/2012/06/25/1

http://www.openwall.com/lists/oss-security/2012/06/26/1

http://www.openwall.com/lists/oss-security/2012/06/27/1