CVE-2010-2268

{"id": "CVE-2010-2268", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-06-15T14:30:01.280", "references": [{"url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/245081", "tags": ["US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts."}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en authcfg.cgi en Accoria Web Server (tambi\u00e9n conocido como Rock Web Server) v1.4.7 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores en las peticiones de creaci\u00f3n de cuentas de usuario."}], "lastModified": "2010-06-16T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07F604B-CCDD-4F78-93FA-C63273EAD480"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}