Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Neo4J | Neo4J | 1.9.2 |
Related Weaknesses (CWE)
References
- http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
- http://www.openwall.com/lists/oss-security/2014/01/03/3
- http://www.openwall.com/lists/oss-security/2014/01/03/8
- https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j
FAQ
What is CVE-2013-7259?
CVE-2013-7259 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrate...
How severe is CVE-2013-7259?
CVE-2013-7259 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2013-7259?
Check the references section above for vendor advisories and patch information. Affected products include Neo4J 1.9.2 (vendor: Neo4J).