[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-0545

Date: (C)2011-03-28   (M)2017-08-18 


Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1025242
EXPLOIT-DB-17026
http://www.securityfocus.com/archive/1/archive/1/517109/100/0/threaded
SECUNIA-43820
OSVDB-71261
SREASON-8160
ADV-2011-0727
http://sotiriu.de/adv/NSOADV-2011-001.txt
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00
symantec-lua-gui-csrf(66213)

CPE    1
cpe:/a:symantec:liveupdate_administrator:2.2.2.9
CWE    1
CWE-352

© 2013 SecPod Technologies