NVD

Id
27722  
Name
CVE-2015-6973  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-09-16  
Modified Date
2016-12-21  
Seq
2015-6973  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
145367 27722 CVE-2015-6973 http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt  View
145368 27722 CVE-2015-6973 http://packetstormsecurity.com/files/133554/Openfire-3.10.2-Cross-Site-Request-Forgery.html  View
145369 27722 CVE-2015-6973 20150915 Openfire 3.10.2 CSRF Vulnerabilities  View
145370 27722 CVE-2015-6973 38192  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9566 JVNDB-2015-004886 Ignite Realtime Openfire におけるクロスサイトリクエストフォージェリの脆弱性 Ignite Realtime Openfire には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2015-6973 84198 CVE-2015-6973 27722 6.8 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004886.html 2015-09-14 2015-09-28 View