Vulnerability Note VU#173009
Snare Agent web interface cross-site request forgery vulnerabilities
The Snare Agent web interface is susceptible to cross-site request forgery attacks.
The web interface allows the administrator to manage several agent settings, including changing the listening port and password. The interface does not properly validate the HTTP requests that make these changes, so they are susceptible to cross-site request forgery attacks.
The vulnerability is reported in the following products and versions:
An attacker who tricks an administrator into visiting a specially crafted link can change several agent settings, such as the password or listening port.
The vendor has released patched versions of the agent to remediate this issue.
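The kind of request validation whose absence is described above, as an added example (not code from the vendor or from this note): a settings handler that applies any authenticated request, beside one that requires a same-origin POST carrying a session-bound token. All function names, the host value and the session model are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Illustrative only: every name here is hypothetical, not the agent's own code.
SERVER_KEY = secrets.token_bytes(32)      # per-process secret, never sent to the browser
EDITABLE = ("listen_port", "password")    # the settings the note names

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the admin session, embedded as a hidden field in the settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers: dict, expected_host: str) -> bool:
    """Origin (Referer as fallback) must name the agent's own host:port; absent means reject."""
    source = headers.get("Origin") or headers.get("Referer")
    return bool(source) and urlsplit(source).netloc == expected_host

def apply_unchecked(form: dict, settings: dict) -> int:
    """Before: any request that arrives with the admin's credentials is applied."""
    settings.update({k: form[k] for k in EDITABLE if k in form})
    return 200

def apply_checked(method, headers, form, session_id, settings, expected_host) -> int:
    """After: state changes need POST, a same-origin source and the session-bound token."""
    if method != "POST":
        return 405
    if not same_origin(headers, expected_host):
        return 403
    supplied = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):   # constant-time comparison
        return 403
    settings.update({k: form[k] for k in EDITABLE if k in form})
    return 200

def demo():
    """Constructed requests: one cross-site without a token, one from the agent's own form."""
    host, sid = "agent.example:8080", "constructed-session-id"
    settings = {"listen_port": "8080", "password": "original"}
    forged = apply_checked("POST", {"Origin": "http://attacker.example"},
                           {"password": "changed"}, sid, settings, host)
    genuine = apply_checked("POST", {"Origin": "http://agent.example:8080"},
                            {"password": "rotated", "csrf_token": issue_csrf_token(sid)},
                            sid, settings, host)
    return forged, genuine, settings["password"]
```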
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|InterSect Alliance|Affected|-|01 Jul 2010|
Thanks to Russ McRee for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: Unknown
- Date Public: 29 Jun 2010
- Date First Published: 29 Jun 2010
- Date Last Updated: 01 Jul 2010
- Document Revision: 15