Lucene search
MitreCVE-2009-3785HistoryOct 26, 2009 - 5:30 p.m.
CVE-2009-3785
2009-10-2617:30:00
CWE-352
mitre
web.nvd.nist.gov
27
cve-2009-3785
cross-site request forgery
csrf
simplenews statistics
drupal
authentication hijacking
security vulnerability
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.002
Percentile
61.1%
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
Affected configurations
Node
drupaldrupal
sjoerd_arendsensimplenews_statisticsMatch6.x-1.0
ORsjoerd_arendsensimplenews_statisticsMatch6.x-1.1
ORsjoerd_arendsensimplenews_statisticsMatch6.x-1.2
ORsjoerd_arendsensimplenews_statisticsMatch6.x-1.x-dev
| Vendor | Product | Version | CPE |
|---|---|---|---|
| drupal | drupal | * | cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
| sjoerd_arendsen | simplenews_statistics | 6.x-1.0 | cpe:2.3:a:sjoerd_arendsen:simplenews_statistics:6.x-1.0:*:*:*:*:*:*:* |
| sjoerd_arendsen | simplenews_statistics | 6.x-1.1 | cpe:2.3:a:sjoerd_arendsen:simplenews_statistics:6.x-1.1:*:*:*:*:*:*:* |
| sjoerd_arendsen | simplenews_statistics | 6.x-1.2 | cpe:2.3:a:sjoerd_arendsen:simplenews_statistics:6.x-1.2:*:*:*:*:*:*:* |
| sjoerd_arendsen | simplenews_statistics | 6.x-1.x-dev | cpe:2.3:a:sjoerd_arendsen:simplenews_statistics:6.x-1.x-dev:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2009-10-26 17:30:00
cvelist
cvelist
CVE-2009-3785
2009-10-26 17:00:00
nvd
nvd
CVE-2009-3785
2009-10-26 17:30:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.002
Percentile
61.1%
Related for CVE-2009-3785