Multiple Cybozu Products Cross-Site Request Forgery Vulnerability
BID:59062
Info
| Bugtraq ID: | 59062 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-2305 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2013 12:00AM |
| Updated: | Apr 26 2013 11:10AM |
| Credit: | Reported by the vendor |
| Vulnerable: | Cybozu Office 9; Cybozu Office 8.1.1; Cybozu Office 8; Cybozu Mailwise 4 |
| Not Vulnerable: | |
Discussion
Multiple Cybozu products are prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Note: The information about 'Cybozu Office for Mobile' application has been moved to BID 59502 (Cybozu Office for Mobile CVE-2013-3269 Cross-Site Request Forgery Vulnerability) for better documentation.
The following products and versions are vulnerable:
Cybozu Office versions prior to 8.1.6 and 9.3.0
Cybozu Dezie versions prior to 8.0.7
Cybozu Mailwise versions prior to 5.0.4
Cybozu Mailwise versions prior to 4.0.6
Exploit / POC
To exploit this issue an attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: