CVE

Id
27143  
CVE No.
CVE-2007-3786  
Status
Candidate  
Description
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer.  
Phase
Assigned (20070715)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
277915 27143 CVE-2007-3786 BUGTRAQ:20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack  View
277916 27143 CVE-2007-3786 URL:http://www.securityfocus.com/archive/1/archive/1/473663/100/0/threaded  View
277917 27143 CVE-2007-3786 MISC:http://labs.calyptix.com/CX-2007-05.php  View
277918 27143 CVE-2007-3786 MISC:http://labs.calyptix.com/CX-2007-05.txt  View
277919 27143 CVE-2007-3786 MISC:http://www.eweek.com/article2/0,1759,2154646,00.asp  View
277920 27143 CVE-2007-3786 OSVDB:38174  View
277921 27143 CVE-2007-3786 URL:http://osvdb.org/38174  View
277922 27143 CVE-2007-3786 VUPEN:ADV-2007-2539  View
277923 27143 CVE-2007-3786 URL:http://www.vupen.com/english/advisories/2007/2539  View
277924 27143 CVE-2007-3786 SECUNIA:26005  View
277925 27143 CVE-2007-3786 URL:http://secunia.com/advisories/26005  View
277926 27143 CVE-2007-3786 XF:instagate-unspecified-csrf(35372)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
53662 JVNDB-2007-002354 eSoft InstaGate EX2 UTM デバイスにおける重要な情報が取得される脆弱性 eSoft InstaGate EX2 UTM デバイスは、HTML 文書の設定内に admin パスワードを格納するため、重要な情報が取得される脆弱性が存在します。 CVE-2007-3788 27143 7.6 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002354.html  View