Metric | Value |
---|---|
CVSS2 | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
AI Score | 5.7 Medium (Confidence: High) |
EPSS | 0.008 Low (Percentile: 81.6%) |

Yoshihiro Ishikawa discovered that the Samba Web Administration Tool (SWAT)
was vulnerable to cross-site request forgeries (CSRF). If a Samba
administrator were tricked into clicking a link on a specially crafted web
page, an attacker could trigger commands that could modify the Samba
configuration. (CVE-2011-2522)

Nobuhiro Tsuji discovered that the Samba Web Administration Tool (SWAT) did
not properly sanitize its input when processing password change requests,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain. (CVE-2011-2694)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | swat | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpam-smbpass | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | libsmbclient | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | libsmbclient-dev | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | samba | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | samba-common | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | samba-dbg | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | smbclient | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | smbfs | < 3.0.28a-1ubuntu4.15 | UNKNOWN |
Ubuntu | 8.04 | noarch | winbind | < 3.0.28a-1ubuntu4.15 | UNKNOWN |