CVE-2010-1325
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en apache2-slms package en SUSE Lifecycle Management Server (SLMS) v1.0 en SUSE Linux Enterprise (SLE) v11 permite a atacantes remotos secuestar la autenticación de víctimas no especificadas a través de vectores relacionados con parámetros citados inadecuados. NOSE: algunas fuentes reportan que esta vulnerabilidad en un producto llamado "Apache SLMS," pero ésto es incorrecto.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-04-08 CVE Reserved
- 2010-09-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://support.novell.com/security/cve/CVE-2010-1325.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/42121 | Vdb Entry | |
https://bugzilla.novell.com/show_bug.cgi?id=588284 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/61006 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Novell Search vendor "Novell" | Suse Lifecycle Management Server Search vendor "Novell" for product "Suse Lifecycle Management Server" | 1.0 Search vendor "Novell" for product "Suse Lifecycle Management Server" and version "1.0" | - |
Affected
| in | Novell Search vendor "Novell" | Suse Linux Search vendor "Novell" for product "Suse Linux" | 11 Search vendor "Novell" for product "Suse Linux" and version "11" | enterprise |
Safe
|