CVE-2010-2594 - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix
Intersect Alliance	Snare Agent Snare Epilog
Linux	Linux Kernel
Microsoft	Windows Windows 2000 Windows 2003 Server Windows 7 Windows Server 2008 Windows Vista Windows Xp
Sgi	Irix
Sun	Solaris
Unix	Unix

Configuration 1 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_agent::::::::
	cpe:2.3:a:intersect_alliance:snare_agent:2.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.3:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.4:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.5:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.5.2:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.5.3:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.5.4:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.5.6:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:2.5.7:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.2.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.2.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.2.2:::::::*

cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_agent::::::::
	cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.1.2:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.1.3:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.1.4:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.1.5:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:3.1.6:::::::*

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2003_server::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

Configuration 3 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_agent::::::::
	cpe:2.3:a:intersect_alliance:snare_agent:0.9.2:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:0.9.6:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:0.9.7:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:0.9.7a:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:0.9.8:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.2:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.3:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.4:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.4.1:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_agent::::::::
	cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.2:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.3:::::::*

cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_epilog::::::::
	cpe:2.3:a:intersect_alliance:snare_epilog:1.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.2:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.3:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.3.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.3.3:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.4.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.5.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.5.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_epilog:1.5.2:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_epilog::::::::
	cpe:2.3:a:intersect_alliance:snare_epilog:1.1:::::::*

cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_agent::::::::
	cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.2:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.3:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.4:::::::*

cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:a:intersect_alliance:snare_agent::::::::
	cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.0.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.1.0:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.1.1:::::::*
	cpe:2.3:a:intersect_alliance:snare_agent:1.1.2:::::::*

OR	cpe:2.3:o:microsoft:windows_7::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
	cpe:2.3:o:microsoft:windows_vista::::::::

No data.

References

Link	Providers
http://holisticinfosec.org/content/view/144/45/
http://secunia.com/advisories/39562
http://www.kb.cert.org/vuls/id/173009
http://www.securityfocus.com/bid/41226

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-07-01T18:00:00Z

Updated: 2024-09-16T22:02:22.454Z

Reserved: 2010-07-01T00:00:00Z

Link: CVE-2010-2594

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-07-02T12:43:52.970

Modified: 2024-05-17T17:27:21.590

Link: CVE-2010-2594

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object