Lucene search
MitreCVE-2013-7057HistoryNov 04, 2014 - 3:55 p.m.
CVE-2013-7057
2014-11-0415:55:05
CWE-352
mitre
web.nvd.nist.gov
27
cve-2013-7057
cross-site request forgery
csrf vulnerability
axway securetransport
security vulnerability
file upload vulnerability
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.007
Percentile
80.4%
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
Affected configurations
Node
axwaysecuretransportRange≤5.1sp2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| axway | securetransport | * | cpe:2.3:a:axway:securetransport:*:sp2:*:*:*:*:*:* |
Related
exploitpack
exploitpack
zdt
zdt
Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF
2014-10-28 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-11-04 15:55:00
cvelist
cvelist
CVE-2013-7057
2014-11-04 15:00:00
nvd
nvd
CVE-2013-7057
2014-11-04 15:55:05
exploitdb
exploitdb
seebug
seebug
Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF
2014-11-13 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.007
Percentile
80.4%
Related for CVE-2013-7057