Summary
This host has Greenbone Security Assistant installed and is prone to a cross-site request forgery vulnerability.
Impact
Successful exploitation will allow an attacker to conduct cross-site request forgery attacks.
Solution
Apply the patch from the following link, or upgrade to the latest version: http://wald.intevation.org/frs/download.php/829/openvas-manager-1.0.4.tar.gz
For updates, refer to http://www.openvas.org
Insight
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to execute arbitrary commands in OVS Manager by tricking a logged-in administrative user into visiting a malicious web site.
Affected
Greenbone Security Assistant version 1.0.3 and prior.
Severity
Classification
- CVE: CVE-2011-0650
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P