CVE-2010-2594

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
References
Link Resource
http://holisticinfosec.org/content/view/144/45/ Third Party Advisory
http://secunia.com/advisories/39562 Broken Link
http://www.kb.cert.org/vuls/id/173009 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/41226 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.6:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_epilog:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_epilog:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.1:*:*:*:*:*:*:*
cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.2:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

History

17 May 2024, 17:27

Type Values Removed Values Added
References () http://holisticinfosec.org/content/view/144/45/ - () http://holisticinfosec.org/content/view/144/45/ - Third Party Advisory
References () http://secunia.com/advisories/39562 - Vendor Advisory () http://secunia.com/advisories/39562 - Broken Link
References () http://www.kb.cert.org/vuls/id/173009 - US Government Resource () http://www.kb.cert.org/vuls/id/173009 - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/bid/41226 - () http://www.securityfocus.com/bid/41226 - Third Party Advisory, VDB Entry
CPE cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
First Time Linux linux Kernel

Information

Published : 2010-07-02 12:43

Updated : 2024-05-17 17:27


NVD link : CVE-2010-2594

Mitre link : CVE-2010-2594

CVE.ORG link : CVE-2010-2594


JSON object : View

Products Affected

microsoft

  • windows_server_2008
  • windows_vista
  • windows_7
  • windows_xp
  • windows_2000
  • windows
  • windows_2003_server

intersect_alliance

  • snare_agent
  • snare_epilog

ibm

  • aix

unix

  • unix

linux

  • linux_kernel

sgi

  • irix

sun

  • solaris
CWE
CWE-352

Cross-Site Request Forgery (CSRF)