Ubuntu.comUB:CVE-2010-5285CVE-2010-5285
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
77.3%
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive
0.6.5 allows remote attackers to hijack the authentication of
administrators for requests that add administrative users via the edituser
action.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 11.10 | noarch | collabtive | < 0.7-1.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | collabtive | < 0.7-1.1 | UNKNOWN |
| ubuntu | 12.10 | noarch | collabtive | < 0.7.6-1 | UNKNOWN |
References
packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt
secunia.com/advisories/41805
www.anatoliasecurity.com/adv/as-adv-2010-003.txt
www.exploit-db.com/exploits/15240
launchpad.net/bugs/cve/CVE-2010-5285
nvd.nist.gov/vuln/detail/CVE-2010-5285
security-tracker.debian.org/tracker/CVE-2010-5285
www.cve.org/CVERecord?id=CVE-2010-5285
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
77.3%