Lucene search

[email protected]CVE-2012-1415

HistoryDec 28, 2014 - 2:59 a.m.

CVE-2012-1415

2014-12-2802:59:03

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-1415

cross-site request forgery

csrf

vulnerability

dflabs ptk 1.0.5

nvd

security

authentication

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

JSON

Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.

Affected configurations

NVD

Node

dflabsptkRange≤1.0.5

CPENameOperatorVersion
dflabs:ptkdflabs ptkle1.0.5

CPE	Name	Operator	Version
dflabs:ptk	dflabs ptk	le	1.0.5

References

www.exploit-db.com/exploits/18513/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2012-1415

prion1 nvd1 cvelist1