CVE-2010-2594

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-2594
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://holisticinfosec.org/content/view/144/45/ Third Party Advisory
http://secunia.com/advisories/39562 Broken Link
http://www.kb.cert.org/vuls/id/173009 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/41226 Third Party Advisory VDB Entry
http://holisticinfosec.org/content/view/144/45/ Third Party Advisory
http://secunia.com/advisories/39562 Broken Link
http://www.kb.cert.org/vuls/id/173009 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/41226 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.6:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.4:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_epilog:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_epilog:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_epilog:1.1:*:*:*:*:*:*:*
cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.2:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
History

21 Nov 2024, 01:16

Type Values Removed Values Added
References () http://holisticinfosec.org/content/view/144/45/ - Third Party Advisory () http://holisticinfosec.org/content/view/144/45/ - Third Party Advisory
References () http://secunia.com/advisories/39562 - Broken Link () http://secunia.com/advisories/39562 - Broken Link
References () http://www.kb.cert.org/vuls/id/173009 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/173009 - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/bid/41226 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/41226 - Third Party Advisory, VDB Entry

17 May 2024, 17:27

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
First Time Linux linux Kernel
References () http://holisticinfosec.org/content/view/144/45/ - () http://holisticinfosec.org/content/view/144/45/ - Third Party Advisory
References () http://secunia.com/advisories/39562 - Vendor Advisory () http://secunia.com/advisories/39562 - Broken Link
References () http://www.kb.cert.org/vuls/id/173009 - US Government Resource () http://www.kb.cert.org/vuls/id/173009 - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/bid/41226 - () http://www.securityfocus.com/bid/41226 - Third Party Advisory, VDB Entry
Information

Published : 2010-07-02 12:43

Updated : 2025-04-11 00:51

NVD link : CVE-2010-2594

Mitre link : CVE-2010-2594

CVE.ORG link : CVE-2010-2594

JSON object : View

Products Affected

ibm

  • aix

microsoft

  • windows_xp
  • windows_2003_server
  • windows
  • windows_7
  • windows_server_2008
  • windows_2000
  • windows_vista

intersect_alliance

  • snare_epilog
  • snare_agent

linux

  • linux_kernel

sun

  • solaris

sgi

  • irix

unix

  • unix
CWE
CWE-352

Cross-Site Request Forgery (CSRF)