{"containers": {"cna": {"affected": [{"product": "cobbler", "vendor": "cobbler", "versions": [{"status": "affected", "version": "2011-09-28"}]}], "descriptions": [{"lang": "en", "value": "cobbler: Web interface lacks CSRF protection when using Django framework"}], "problemTypes": [{"descriptions": [{"description": "UNKNOWN_TYPE", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-19T15:29:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2011-4952"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:39.818Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2011-4952"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4952", "datePublished": "2019-11-19T15:29:47", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:39.818Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cobblerd:cobbler:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CFB14EA-6617-42FD-8D8E-743B0DF942EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cobbler: Web interface lacks CSRF protection when using Django framework"}, {"lang": "es", "value": "cobbler: La interfaz web carece de protecci\u00f3n contra un CSRF cuando es usado el framework Django."}], "id": "CVE-2011-4952", "lastModified": "2019-11-21T15:29:23.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-19T16:15:10.837", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-4952"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "(cobbler-web): Absent CSRF protection when using Django framework", "id": "811937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=811937"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-352", "details": ["cobbler: Web interface lacks CSRF protection when using Django framework"], "name": "CVE-2011-4952", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5.4", "fix_state": "Not affected", "package_name": "Server", "product_name": "Red Hat Satellite 5.4"}], "public_date": "2011-09-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-4952\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4952"], "statement": "This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as Red Hat Network Satellite Server did not include support for Cobbler web interface.", "threat_severity": "Moderate"}