Vulnerability & Exploit Database

Samba CVE-2011-2522: Cross-Site Request Forgery in SWAT

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: July 28, 2011
Added: November 12, 2013
Modified: May 26, 2016

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

Solution

samba-upgrade-3_5_10