Summary
This host is running Limny and is prone to multiple cross-site request forgery vulnerabilities.
Impact
Successful exploitation will allow remote attackers to change the administrative password or email address and add a new user by tricking an administrative user into visiting a malicious web site.
Impact Level: Application.
Solution
Upgrade to Limny version 2.01
For updates refer to http://www.limny.org/
Insight
The flaws are caused by improper validation of user-supplied input: the application lets users perform certain actions via HTTP requests without performing any validity checks to verify those requests.
Affected
Limny version 2.0
References
Severity
Classification
- CVE: CVE-2010-0709
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P