CVE-2011-1905

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Bounce Attack

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 05/05/11 - Updated on 31/05/11

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors.

Category: Bounce Attack

CWE-352 (Cross-Site Request Forgery (CSRF))
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Security Notices

US National Vulnerability DatabaseCVE-2011-1905

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
proofpointmessaging_security_gateway
proofpointprotection_server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail