Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Lifecycle Management Server | 1.0 |
| Novell | Suse Linux | 11 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://support.novell.com/security/cve/CVE-2010-1325.html
- http://www.securityfocus.com/bid/42121
- https://bugzilla.novell.com/show_bug.cgi?id=588284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61006
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://support.novell.com/security/cve/CVE-2010-1325.html
- http://www.securityfocus.com/bid/42121
- https://bugzilla.novell.com/show_bug.cgi?id=588284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61006
FAQ
What is CVE-2010-1325?
CVE-2010-1325 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authe...
How severe is CVE-2010-1325?
CVE-2010-1325 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1325?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Lifecycle Management Server, Novell Suse Linux.