Lucene search

[email protected]NVD:CVE-2009-1802

HistoryMay 28, 2009 - 2:30 p.m.

CVE-2009-1802

2009-05-2814:30:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

60.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.

Affected configurations

Nvd

Node

freepbxfreepbxMatch2.4

freepbxfreepbxMatch2.4.0_beta1

freepbxfreepbxMatch2.4.0_beta2

freepbxfreepbxMatch2.4.1

freepbxfreepbxMatch2.5

freepbxfreepbxMatch2.5.0_beta1

freepbxfreepbxMatch2.5.0rc2

freepbxfreepbxMatch2.5.0rc3

freepbxfreepbxMatch2.5.1

freepbxfreepbxMatch2.5.2

sangomafreepbxMatch2.4.0

sangomafreepbxMatch2.5.0

VendorProductVersionCPE
freepbxfreepbx2.4cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*
freepbxfreepbx2.4.0_beta1cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*
freepbxfreepbx2.4.0_beta2cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*
freepbxfreepbx2.4.1cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*
freepbxfreepbx2.5cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*
freepbxfreepbx2.5.0_beta1cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*
freepbxfreepbx2.5.0rc2cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*
freepbxfreepbx2.5.0rc3cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*
freepbxfreepbx2.5.1cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*
freepbxfreepbx2.5.2cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freepbx	freepbx	2.4	cpe:2.3:a:freepbx:freepbx:2.4:::::::*
freepbx	freepbx	2.4.0_beta1	cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:::::::*
freepbx	freepbx	2.4.0_beta2	cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:::::::*
freepbx	freepbx	2.4.1	cpe:2.3:a:freepbx:freepbx:2.4.1:::::::*
freepbx	freepbx	2.5	cpe:2.3:a:freepbx:freepbx:2.5:::::::*
freepbx	freepbx	2.5.0_beta1	cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:::::::*
freepbx	freepbx	2.5.0rc2	cpe:2.3:a:freepbx:freepbx:2.5.0rc2:::::::*
freepbx	freepbx	2.5.0rc3	cpe:2.3:a:freepbx:freepbx:2.5.0rc3:::::::*
freepbx	freepbx	2.5.1	cpe:2.3:a:freepbx:freepbx:2.5.1:::::::*
freepbx	freepbx	2.5.2	cpe:2.3:a:freepbx:freepbx:2.5.2:::::::*

Rows per page:

1-10 of 121

References

freepbx.org/trac/ticket/3660

osvdb.org/54262

secunia.com/advisories/34772

www.securityfocus.com/bid/34857

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

60.4%

JSON

Related for NVD:CVE-2009-1802

prion1 cvelist1 cve1