{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-engine-csrf(69958)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69958"}, {"name": "50075", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50075"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", "refsource": "MISC", "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-engine-csrf(69958)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69958"}, {"name": "50075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50075"}, {"name": "http://blog.watchfire.com/files/googleappenginesdk.pdf", "refsource": "MISC", "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:21:34.074Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-engine-csrf(69958)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69958"}, {"name": "50075", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50075"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1364", "datePublished": "2011-10-30T19:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:21:34.074Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:app_engine_python_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "B180320A-31A2-4944-9237-8BA7420F607F", "versionEndIncluding": "1.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "418F092D-7DCC-4CF6-BE21-90A9E635DB29", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A802984F-7EB3-426A-B829-DE77BD54D0A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F29B1A84-A9C9-424D-9CAE-82D8D81388EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5E098ED-71C0-45BE-8607-7FCE6604155F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB6A1B5-9884-4C87-A568-015F6471E80F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6488791-DB99-474A-AE2E-9EC5B7EED80A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "08C5B802-51C1-4544-8DBF-E2ACF5F23981", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5F9EB0C-D15B-4C8A-B2D1-899738AB587A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9B8002EF-0B6E-4B06-814F-BD0FB259EE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7DD00F8-C815-4144-A230-8024C5337ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "DB94D124-3EB3-4060-A0F4-710A5EA881E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "A76BC88A-C6AC-4A26-9D01-EDCB95455B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "94A92AB1-CBF6-4DD1-9CF5-83043828A6C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D203CA1-F53B-4D34-80D8-D86C180D0328", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A963A0BF-C8F2-49EA-BBAC-B029B8E093FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9D7B090E-F65F-4FC9-88FE-44A928CFD9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2BF95B31-ED3B-4D51-82E4-9EA666D9D2E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "88354A89-1CFD-4758-8AD0-85443E251B9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C7D8D57-E599-476C-BF75-2D0905E29FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA34B527-47AE-4187-B50A-BF6AC6CFE913", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "662EF41D-0DBE-466C-87F7-CA126099A737", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5DA449B-81EF-4746-A626-E545B2B21B87", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E6F72E0-D32A-4995-8C5A-3B7E71908DCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D48D7C01-07EA-4628-A975-E418705F8DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "4CC602DA-5413-415F-B388-C48F35511124", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2526A4F7-777B-4186-B882-C8133DBE6F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "427C84D8-3120-4782-AB6F-5125419313A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B92FB779-4C11-4DE1-901D-B86AACDD8657", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "336FF655-214F-49DA-AE27-C8DEA07074E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4985C56-1E3C-4AC5-AE1C-609D46DF2266", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F27B63FC-B939-44AA-8CB5-8FD48CD78F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "55284E5B-F681-4691-98C7-5BC7259A7417", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7845EF6F-6E92-4200-AF9C-F0F738DDF4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9856F64E-AF14-40C8-BC3D-E63627BF00C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A85D7A70-C071-4A00-8E1E-DB0DE933494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA99DEEB-515E-4C19-B56A-11F5E7095306", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF)en _ah/admin/interactive/execute (tambi\u00e9n conocido como Interactive Console) en SDK Console (tambi\u00e9n Admin Console) en Google App Engine Python SDK anterior a v1.5.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para las peticiones que ejecutar c\u00f3digo arbitrario a trav\u00e9s de Python el par\u00e1metro \"code\"."}], "id": "CVE-2011-1364", "lastModified": "2017-08-17T01:34:06.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-10-30T19:55:00.913", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50075"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69958"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}