13 Juil 2015

CVE-2015-5397

Publié par . Publié dans CSRF Cross-Site Request Forgery

Vulnerability Details : CVE-2015-5397

Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
Publish Date : 2015-07-14 Last Update Date : 2015-07-14

- CVSS Scores & Vulnerability Types

CVSS Score	6.8
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial(There is reduced performance or interruptions in resource availability.)
Access Complexity	Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required(Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	CSRF
CWE ID	352

- Products Affected By CVE-2015-5397

#	Product Type	Vendor	Product	Version	Update
1	Application	Joomla	Joomla!	3.2.0		Version Details Vulnerabilities
2	Application	Joomla	Joomla!	3.2.1		Version Details Vulnerabilities
3	Application	Joomla	Joomla!	3.2.2		Version Details Vulnerabilities
4	Application	Joomla	Joomla!	3.2.3		Version Details Vulnerabilities
5	Application	Joomla	Joomla!	3.2.4		Version Details Vulnerabilities
6	Application	Joomla	Joomla!	3.2.5		Version Details Vulnerabilities
7	Application	Joomla	Joomla!	3.3.0		Version Details Vulnerabilities
8	Application	Joomla	Joomla!	3.3.1		Version Details Vulnerabilities
9	Application	Joomla	Joomla!	3.3.2		Version Details Vulnerabilities
10	Application	Joomla	Joomla!	3.3.3		Version Details Vulnerabilities
11	Application	Joomla	Joomla!	3.3.4		Version Details Vulnerabilities
12	Application	Joomla	Joomla!	3.3.5		Version Details Vulnerabilities
13	Application	Joomla	Joomla!	3.4.0	Beta3	Version Details Vulnerabilities
14	Application	Joomla	Joomla!	3.4.0	Beta2	Version Details Vulnerabilities
15	Application	Joomla	Joomla!	3.4.0	Beta1	Version Details Vulnerabilities
16	Application	Joomla	Joomla!	3.4.0	Alpha	Version Details Vulnerabilities
17	Application	Joomla	Joomla!	3.4.0		Version Details Vulnerabilities
18	Application	Joomla	Joomla!	3.4.0	RC	Version Details Vulnerabilities
19	Application	Joomla	Joomla!	3.4.1		Version Details Vulnerabilities
20	Application	Joomla	Joomla!	3.4.1	RC2	Version Details Vulnerabilities
21	Application	Joomla	Joomla!	3.4.1	RC	Version Details Vulnerabilities
22	Application	Joomla	Joomla!	3.4.2	RC	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Joomla	Joomla!	22

- References For CVE-2015-5397

http://www.securitytracker.com/id/1032796
SECTRACK 1032796

http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html CONFIRM

- Metasploit Modules Related To CVE-2015-5397

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)

CVE-2015-5397

Vulnerability Details : CVE-2015-5397

- CVSS Scores & Vulnerability Types

- Products Affected By CVE-2015-5397

- Number Of Affected Versions By Product

- References For CVE-2015-5397

- Metasploit Modules Related To CVE-2015-5397

Pour nous Contacter

Newsletter Cybersécurité

Ressources Sécurité

Notre expertise cybersécurité validée par de multiples certifications internationales