acmailer CVE-2014-3896 Cross Site Request Forgery Vulnerability
BID:68982
Info
acmailer CVE-2014-3896 Cross Site Request Forgery Vulnerability
| Bugtraq ID: | 68982 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-3896 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 29 2014 12:00AM |
| Updated: | Jul 29 2014 12:00AM |
| Credit: | Kazuki Hirota of Keio University |
| Vulnerable: |
Seeds Co Ltd acmailer 3.9.9 Beta Seeds Co Ltd acmailer 3.8.16 |
| Not Vulnerable: |
Seeds Co Ltd acmailer 3.9.10 Beta Seeds Co Ltd acmailer 3.8.17 |
Discussion
acmailer CVE-2014-3896 Cross Site Request Forgery Vulnerability
acmailer is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
Versions prior to acmailer 3.8.17 and 3.9.10 Beta are vulnerable.
acmailer is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
Versions prior to acmailer 3.8.17 and 3.9.10 Beta are vulnerable.
Exploit / POC
acmailer CVE-2014-3896 Cross Site Request Forgery Vulnerability
To exploit the issue an attacker must entice a user into visiting a malicious site.
To exploit the issue an attacker must entice a user into visiting a malicious site.
References
acmailer CVE-2014-3896 Cross Site Request Forgery Vulnerability
References:
References:
- Acmailer Homepage (Acmailer)
- acmailer contains a cross-site request forgery vulnerability (JPCERT)