Vulnerability Description
A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Network Satellite Server | 5.3.0 |
| Redhat | Spacewalk-Java | 1.2.39 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1025674
- http://www.redhat.com/support/errata/RHSA-2011-0879.htmlPatchVendor Advisory
- https://access.redhat.com/security/cve/CVE-2009-4139
- https://bugzilla.redhat.com/show_bug.cgi?id=529483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68074
- http://securitytracker.com/id?1025674
- http://www.redhat.com/support/errata/RHSA-2011-0879.htmlPatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=529483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68074
FAQ
What is CVE-2009-4139?
CVE-2009-4139 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauth...
How severe is CVE-2009-4139?
CVE-2009-4139 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4139?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Network Satellite Server, Redhat Spacewalk-Java.