[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-0214Date: (C)2013-02-02   (M)2023-12-22


Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-57631
OSVDB-89627
DSA-2617
RHSA-2013:1310
RHSA-2013:1542
RHSA-2014:0305
SUSE-SU-2013:0326
SUSE-SU-2013:0519
USN-2922-1
http://www.samba.org/samba/security/CVE-2013-0214
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
openSUSE-SU-2013:0277
openSUSE-SU-2013:0281

CPE    163
cpe:/a:samba:samba:3.0.2a
cpe:/a:samba:samba:3.0.21a
cpe:/a:samba:samba:3.0.23:a
cpe:/a:samba:samba:3.0.21c
...
CWE    1
CWE-352
OVAL    17
oval:org.secpod.oval:def:600957
oval:org.secpod.oval:def:104609
oval:org.secpod.oval:def:205821
oval:org.secpod.oval:def:106104
...

© SecPod Technologies