Uniform Server Multiple Cross-Site Request Forgery Vulnerabilities Network Vulnerability

Summary

This host is running Uniform Server and is prone to multiple Cross-Site Request Forgery vulnerabilities.

Impact

Successful exploitation will allow attackers to change the administrator's password by tricking a logged in administrator into visiting a malicious web site. Impact Level: Application.

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

Affected

Uniform Server version 5.6.5 and prior.

References

http://cross-site-scripting.blogspot.com/2010/05/uniform-server-565-xsrf.html
http://osvdb.org/64858
http://secunia.com/advisories/39913
http://xforce.iss.net/xforce/xfdb/58844

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2113
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

Related Vulnerabilities

Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
Brekeke PBX Cross-Site Request Forgery Vulnerability
Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
OTRS 'AgentTicketZoom' HTML Injection Vulnerability
Ariadne Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities