Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache2Triad | Apache2Triad | 1.5.4 |
Related Weaknesses (CWE)
References
- http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTExploitThird Party Advisory
- http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/100447Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/42520/ExploitThird Party AdvisoryVDB Entry
- http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTExploitThird Party Advisory
- http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/100447Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/42520/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-12970?
CVE-2017-12970 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts ...
How severe is CVE-2017-12970?
CVE-2017-12970 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12970?
Check the references section above for vendor advisories and patch information. Affected products include: Apache2Triad Apache2Triad.