VAR-200912-0430

Vulnerability from variot - Updated: 2023-12-18 12:52

Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact.

The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it.

An attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. The attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.

Versions prior to the following are vulnerable:

  • Network Management Card Firmware 3.7.2
  • Network Management Card Firmware 5.1.1

1) Input passed to various parameters (e.g. the "login_username" parameter in Forms/login1) is not properly sanitised before being returned to the user.

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. create administrative users by tricking a logged-in administrative user into visiting a malicious web site.

Vulnerability #1 is reported in APC AP7932 Switched Rack PDU version 3.3.4 with application module version 3.7.0. Other APC NMC products and versions may also be affected.

SOLUTION: Filter malicious characters and character sequences using a proxy. Do not browse untrusted websites and do not follow untrusted links.

Apply updated firmware versions when available. Contact the vendor for additional details.

PROVIDED AND/OR DISCOVERED BY: Russ McRee, HolisticInfoSec.

Vulnerability #1 also independently discovered by Jamal Pecou.

ORIGINAL ADVISORY: HolisticInfoSec: http://holisticinfosec.org/content/view/111/45/

APC: http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887&p_created=1261587018&p_topview=1

Jamal Pecou: http://archives.neohapsis.com/archives/bugtraq/current/0219.html

OTHER REFERENCES: US-CERT VU#166739: http://www.kb.cert.org/vuls/id/166739


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200912-0430",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "network management card",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apc",
        "version": "*"
      },
      {
        "model": "switched rack pdu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apc",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "american power conversion corp",
        "version": null
      },
      {
        "model": "apc network management card",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric former name",
        "version": null
      },
      {
        "model": "apc switched rack pdu",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric former name",
        "version": null
      },
      {
        "model": "network management card",
        "scope": null,
        "trust": 0.6,
        "vendor": "apc",
        "version": null
      },
      {
        "model": "switched rack pdu ap7932",
        "scope": null,
        "trust": 0.3,
        "vendor": "apc",
        "version": null
      },
      {
        "model": "network management card",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apc",
        "version": "0"
      },
      {
        "model": "network management card",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apc",
        "version": "5.1.1"
      },
      {
        "model": "network management card",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apc",
        "version": "3.7.2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#166739"
      },
      {
        "db": "BID",
        "id": "37338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:apc:network_management_card:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:apc:switched_rack_pdu:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jamal Pecou, Russ McRee",
    "sources": [
      {
        "db": "BID",
        "id": "37338"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2009-1797",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-1797",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-39243",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1797",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200912-357",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-39243",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker could obtain credentials or perform certain actions as the victim, including turning off the NMC-based device and any systems attached to it. \nAn attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. \nThe attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. \nVersions prior to the following are vulnerable:\nNetwork Management Card Firmware 3.7.2\nNetwork Management Card Firmware 5.1.1. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\n1) Input passed to various parameters (e.g. the \"login_username\"\nparameter in Forms/login1) is not properly sanitised before being\nreturned to the user. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. 
This can be exploited to e.g. create administrative users by\ntricking a logged-in administrative user into visiting a malicious web\nsite. \n\nVulnerability #1 is reported in APC AP7932 Switched Rack PDU version\n3.3.4 with application module version 3.7.0. Other APC NMC products\nand versions may also be affected. \n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. Do\nnot browse untrusted websites and do not follow untrusted links. \n\nApply updated firmware versions when available. Contact the vendor\nfor additional details. \n\nPROVIDED AND/OR DISCOVERED BY:\nRuss McRee, HolisticInfoSec. \n\nVulnerability #1 also independently discovered by Jamal Pecou. \n\nORIGINAL ADVISORY:\nHolisticInfoSec:\nhttp://holisticinfosec.org/content/view/111/45/\n\nAPC:\nhttp://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1\n\nJamal Pecou:\nhttp://archives.neohapsis.com/archives/bugtraq/current/0219.html\n\nOTHER REFERENCES:\nUS-CERT VU#166739:\nhttp://www.kb.cert.org/vuls/id/166739\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "db": "CERT/CC",
        "id": "VU#166739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "db": "BID",
        "id": "37338"
      },
      {
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "db": "PACKETSTORM",
        "id": "84238"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#166739",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1797",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "37744",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "37338",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-39243",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "84238",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#166739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "db": "BID",
        "id": "37338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "84238"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ]
  },
  "id": "VAR-200912-0430",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39243"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:52:37.049000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "10887",
        "trust": 0.8,
        "url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://holisticinfosec.org/content/view/111/45/"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/37744"
      },
      {
        "trust": 2.3,
        "url": "http://www.kb.cert.org/vuls/id/166739"
      },
      {
        "trust": 1.7,
        "url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
      },
      {
        "trust": 1.2,
        "url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887\u0026p_created=1261587018\u0026p_topview=1"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/archive/1/508468/30/60/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/archive/1/508468/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/37338/info"
      },
      {
        "trust": 0.8,
        "url": "http://www.apcmedia.com/salestools/pmar-82bmh5_r0_en.zip"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1797"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu166739/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1797"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/37338"
      },
      {
        "trust": 0.3,
        "url": "http://www.apc.com"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37744/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/current/0219.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#166739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "db": "BID",
        "id": "37338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "84238"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#166739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "db": "BID",
        "id": "37338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "84238"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-02-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#166739"
      },
      {
        "date": "2009-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "date": "2009-12-15T00:00:00",
        "db": "BID",
        "id": "37338"
      },
      {
        "date": "2010-03-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "date": "2009-12-29T10:24:08",
        "db": "PACKETSTORM",
        "id": "84238"
      },
      {
        "date": "2009-12-28T19:30:00.233000",
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "date": "2009-12-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#166739"
      },
      {
        "date": "2010-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39243"
      },
      {
        "date": "2010-02-25T17:41:00",
        "db": "BID",
        "id": "37338"
      },
      {
        "date": "2010-03-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002512"
      },
      {
        "date": "2010-06-29T04:00:00",
        "db": "NVD",
        "id": "CVE-2009-1797"
      },
      {
        "date": "2009-12-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#166739"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200912-357"
      }
    ],
    "trust": 0.6
  }
}

