Brekeke PBX Cross-Site Request Forgery Vulnerability Network Vulnerability

Summary

This host is running Brekeke PBX and is prone to Cross-Site Request Forgery Vulnerability.

Impact

Successful exploitation will allow attackers to change the administrator's password by tricking a logged in administrator into visiting a malicious web site. Impact Level: Application.

Solution

Upgrade to Brekeke PBX version 2.4.6.7 or later. For updates refer to http://www.brekeke.com/

Insight

The flaw exists in the application which fails to perform validity checks on certain 'HTTP reqests', which allows an attacker to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.

Affected

Brekeke PBX version 2.4.4.8

References

http://cross-site-scripting.blogspot.com/2010/05/brekeke-pbx-2448-cross-site-request.html
http://osvdb.org/64950
http://secunia.com/advisories/39952

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2114
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

RemotelyAnywhere Cross Site Scripting
MediaWiki Multiple XSS Vulnerabilities
MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability
DIRB (NASL wrapper)
OTRS Rich-text-editor XSS Vulnerability

Take action and discover your vulnerabilities