Summary
This host is running Uniform Server and is prone to multiple Cross-Site Request Forgery vulnerabilities.
Impact
Successful exploitation will allow attackers to change the administrator's password by tricking a logged-in administrator into visiting a malicious web site.
Impact Level: Application.
Solution
No solution or patch was made available for at least one year after disclosure of this vulnerability, and none is likely to be provided.
General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.
Insight
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Affected
Uniform Server version 5.6.5 and prior.
References
Severity
Classification
- CVE: CVE-2010-2113
- CVSS Base Score: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Related Vulnerabilities
- MediaWiki Cross Site Request Forgery Vulnerability
- Packeteer Web Management Interface Version
- NetSaro Enterprise Messenger Cross Site Scripting and HTML Injection Vulnerabilities
- phpLDAPadmin 'server_id' Parameter Cross Site Scripting Vulnerabilities
- MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability