CVE-2008-0182

Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/28742	Vendor Advisory
http://support.liferay.com/browse/LEP-4739
http://www.kb.cert.org/vuls/id/767825	US Government Resource
http://secunia.com/advisories/28742	Vendor Advisory
http://support.liferay.com/browse/LEP-4739
http://www.kb.cert.org/vuls/id/767825	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:liferay:liferay_enterprise_portal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:41

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/28742 - Vendor Advisory~~	() http://secunia.com/advisories/28742 - Vendor Advisory
References	~~() http://support.liferay.com/browse/LEP-4739 -~~	() http://support.liferay.com/browse/LEP-4739 -
References	~~() http://www.kb.cert.org/vuls/id/767825 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/767825 - US Government Resource

Information

Published : 2008-02-05 00:00

Updated : 2024-11-21 00:41

NVD link : CVE-2008-0182

Mitre link : CVE-2008-0182

CVE.ORG link : CVE-2008-0182

JSON object : View

Products Affected

liferay

liferay_enterprise_portal

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2008-0182", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-02-05T00:00:00.000", "references": [{"url": "http://secunia.com/advisories/28742", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://support.liferay.com/browse/LEP-4739", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/767825", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/28742", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.liferay.com/browse/LEP-4739", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/767825", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el portlet Admin de Liferay Portal en versiones anteriores a 4.4.0. Permite a usuario autenticados remotamente realizar acciones sin especificar como otros usuarios autenticados sin especificar a trav\u00e9s del mensaje de Shutdown (apagado)."}], "lastModified": "2024-11-21T00:41:21.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:liferay:liferay_enterprise_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68EA9FF6-2115-409D-9523-B1CA74941FB5", "versionEndIncluding": "4.3.6"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}