CVE-2010-2594: CSRF
First published: Thu Jul 01 2010(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| InterSect Alliance Snare Agent | <=3.2.3 | |
| InterSect Alliance Snare Agent | =2.0 | |
| InterSect Alliance Snare Agent | =2.1 | |
| InterSect Alliance Snare Agent | =2.3 | |
| InterSect Alliance Snare Agent | =2.4 | |
| InterSect Alliance Snare Agent | =2.5 | |
| InterSect Alliance Snare Agent | =2.5.2 | |
| InterSect Alliance Snare Agent | =2.5.3 | |
| InterSect Alliance Snare Agent | =2.5.4 | |
| InterSect Alliance Snare Agent | =2.5.6 | |
| InterSect Alliance Snare Agent | =2.5.7 | |
| InterSect Alliance Snare Agent | =3.0.0 | |
| InterSect Alliance Snare Agent | =3.1.0 | |
| InterSect Alliance Snare Agent | =3.2.0 | |
| InterSect Alliance Snare Agent | =3.2.1 | |
| InterSect Alliance Snare Agent | =3.2.2 | |
| Oracle Solaris SPARC | ||
| All of | ||
| Any of | ||
| InterSect Alliance Snare Agent | <=3.1.7 | |
| InterSect Alliance Snare Agent | =3.0.0 | |
| InterSect Alliance Snare Agent | =3.1.0 | |
| InterSect Alliance Snare Agent | =3.1.2 | |
| InterSect Alliance Snare Agent | =3.1.3 | |
| InterSect Alliance Snare Agent | =3.1.4 | |
| InterSect Alliance Snare Agent | =3.1.5 | |
| InterSect Alliance Snare Agent | =3.1.6 | |
| Any of | ||
| Microsoft Windows 2000 | ||
| Microsoft Windows 2003 Server | ||
| Microsoft Windows XP | ||
| All of | ||
| Any of | ||
| InterSect Alliance Snare Agent | <=1.5.0 | |
| InterSect Alliance Snare Agent | =0.9.2 | |
| InterSect Alliance Snare Agent | =0.9.6 | |
| InterSect Alliance Snare Agent | =0.9.7 | |
| InterSect Alliance Snare Agent | =0.9.7a | |
| InterSect Alliance Snare Agent | =0.9.8 | |
| InterSect Alliance Snare Agent | =1.0 | |
| InterSect Alliance Snare Agent | =1.1 | |
| InterSect Alliance Snare Agent | =1.2 | |
| InterSect Alliance Snare Agent | =1.3 | |
| InterSect Alliance Snare Agent | =1.4 | |
| InterSect Alliance Snare Agent | =1.4.1 | |
| Linux Kernel | ||
| All of | ||
| Any of | ||
| InterSect Alliance Snare Agent | <=1.4 | |
| InterSect Alliance Snare Agent | =1.0 | |
| InterSect Alliance Snare Agent | =1.2 | |
| InterSect Alliance Snare Agent | =1.3 | |
| SGI IRIX | ||
| All of | ||
| Any of | ||
| InterSect Alliance SNARE Epilog | <=1.5.3 | |
| InterSect Alliance SNARE Epilog | =1.1 | |
| InterSect Alliance SNARE Epilog | =1.2 | |
| InterSect Alliance SNARE Epilog | =1.3 | |
| InterSect Alliance SNARE Epilog | =1.3.1 | |
| InterSect Alliance SNARE Epilog | =1.3.3 | |
| InterSect Alliance SNARE Epilog | =1.4.0 | |
| InterSect Alliance SNARE Epilog | =1.5.0 | |
| InterSect Alliance SNARE Epilog | =1.5.1 | |
| InterSect Alliance SNARE Epilog | =1.5.2 | |
| Microsoft Windows | ||
| All of | ||
| Any of | ||
| InterSect Alliance SNARE Epilog | <=1.2 | |
| InterSect Alliance SNARE Epilog | =1.1 | |
| Unix Unix | ||
| All of | ||
| Any of | ||
| InterSect Alliance Snare Agent | <=1.5.0 | |
| InterSect Alliance Snare Agent | =1.0 | |
| InterSect Alliance Snare Agent | =1.2 | |
| InterSect Alliance Snare Agent | =1.3 | |
| InterSect Alliance Snare Agent | =1.4 | |
| IBM AIX | ||
| All of | ||
| Any of | ||
| InterSect Alliance Snare Agent | <=1.1.4 | |
| InterSect Alliance Snare Agent | =1.0 | |
| InterSect Alliance Snare Agent | =1.0.1 | |
| InterSect Alliance Snare Agent | =1.1.0 | |
| InterSect Alliance Snare Agent | =1.1.1 | |
| InterSect Alliance Snare Agent | =1.1.2 | |
| Any of | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Vista | ||
| InterSect Alliance Snare Agent | <=3.2.3 | |
| InterSect Alliance Snare Agent | =2.0 | |
| InterSect Alliance Snare Agent | =2.1 | |
| InterSect Alliance Snare Agent | =2.3 | |
| InterSect Alliance Snare Agent | =2.4 | |
| InterSect Alliance Snare Agent | =2.5 | |
| InterSect Alliance Snare Agent | =2.5.2 | |
| InterSect Alliance Snare Agent | =2.5.3 | |
| InterSect Alliance Snare Agent | =2.5.4 | |
| InterSect Alliance Snare Agent | =2.5.6 | |
| InterSect Alliance Snare Agent | =2.5.7 | |
| InterSect Alliance Snare Agent | =3.0.0 | |
| InterSect Alliance Snare Agent | =3.1.0 | |
| InterSect Alliance Snare Agent | =3.2.0 | |
| InterSect Alliance Snare Agent | =3.2.1 | |
| InterSect Alliance Snare Agent | =3.2.2 | |
| Oracle Solaris SPARC | ||
| InterSect Alliance Snare Agent | <=3.1.7 | |
| InterSect Alliance Snare Agent | =3.1.2 | |
| InterSect Alliance Snare Agent | =3.1.3 | |
| InterSect Alliance Snare Agent | =3.1.4 | |
| InterSect Alliance Snare Agent | =3.1.5 | |
| InterSect Alliance Snare Agent | =3.1.6 | |
| Microsoft Windows 2000 | ||
| Microsoft Windows 2003 Server | ||
| Microsoft Windows XP | ||
| InterSect Alliance Snare Agent | <=1.5.0 | |
| InterSect Alliance Snare Agent | =0.9.2 | |
| InterSect Alliance Snare Agent | =0.9.6 | |
| InterSect Alliance Snare Agent | =0.9.7 | |
| InterSect Alliance Snare Agent | =0.9.7a | |
| InterSect Alliance Snare Agent | =0.9.8 | |
| InterSect Alliance Snare Agent | =1.0 | |
| InterSect Alliance Snare Agent | =1.1 | |
| InterSect Alliance Snare Agent | =1.2 | |
| InterSect Alliance Snare Agent | =1.3 | |
| InterSect Alliance Snare Agent | =1.4 | |
| InterSect Alliance Snare Agent | =1.4.1 | |
| Linux Linux | ||
| InterSect Alliance Snare Agent | <=1.4 | |
| SGI IRIX | ||
| InterSect Alliance SNARE Epilog | <=1.5.3 | |
| InterSect Alliance SNARE Epilog | =1.1 | |
| InterSect Alliance SNARE Epilog | =1.2 | |
| InterSect Alliance SNARE Epilog | =1.3 | |
| InterSect Alliance SNARE Epilog | =1.3.1 | |
| InterSect Alliance SNARE Epilog | =1.3.3 | |
| InterSect Alliance SNARE Epilog | =1.4.0 | |
| InterSect Alliance SNARE Epilog | =1.5.0 | |
| InterSect Alliance SNARE Epilog | =1.5.1 | |
| InterSect Alliance SNARE Epilog | =1.5.2 | |
| Microsoft Windows | ||
| InterSect Alliance SNARE Epilog | <=1.2 | |
| Unix Unix | ||
| IBM AIX | ||
| InterSect Alliance Snare Agent | <=1.1.4 | |
| InterSect Alliance Snare Agent | =1.0.1 | |
| InterSect Alliance Snare Agent | =1.1.0 | |
| InterSect Alliance Snare Agent | =1.1.1 | |
| InterSect Alliance Snare Agent | =1.1.2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Vista |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2594?
CVE-2010-2594 is classified as a high severity vulnerability due to the potential for cross-site request forgery attacks.
How do I fix CVE-2010-2594?
To fix CVE-2010-2594, upgrade to Snare Agent version 3.2.4 or later, which addresses the CSRF vulnerabilities.
Which versions are affected by CVE-2010-2594?
CVE-2010-2594 affects InterSect Alliance Snare Agent versions up to 3.2.3 and earlier versions.
What kind of attacks can be performed using CVE-2010-2594?
CVE-2010-2594 allows attackers to perform unauthorized actions on behalf of authenticated users through CSRF attacks.
Is there a workaround for CVE-2010-2594 if I cannot upgrade?
A workaround for CVE-2010-2594 is to implement anti-CSRF tokens in the application to verify requests.
- collector/nvd-historical
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/intersect alliance
- canonical/intersect alliance snare agent
- version/intersect alliance snare agent/3.2.3
- version/intersect alliance snare agent/2.0
- version/intersect alliance snare agent/2.1
- version/intersect alliance snare agent/2.3
- version/intersect alliance snare agent/2.4
- version/intersect alliance snare agent/2.5
- version/intersect alliance snare agent/2.5.2
- version/intersect alliance snare agent/2.5.3
- version/intersect alliance snare agent/2.5.4
- version/intersect alliance snare agent/2.5.6
- version/intersect alliance snare agent/2.5.7
- version/intersect alliance snare agent/3.0.0
- version/intersect alliance snare agent/3.1.0
- version/intersect alliance snare agent/3.2.0
- version/intersect alliance snare agent/3.2.1
- version/intersect alliance snare agent/3.2.2
- vendor/sun
- canonical/oracle solaris sparc
- version/intersect alliance snare agent/3.1.7
- version/intersect alliance snare agent/3.1.2
- version/intersect alliance snare agent/3.1.3
- version/intersect alliance snare agent/3.1.4
- version/intersect alliance snare agent/3.1.5
- version/intersect alliance snare agent/3.1.6
- vendor/microsoft
- canonical/microsoft windows 2000
- canonical/microsoft windows 2003 server
- canonical/microsoft windows xp
- version/intersect alliance snare agent/1.5.0
- version/intersect alliance snare agent/0.9.2
- version/intersect alliance snare agent/0.9.6
- version/intersect alliance snare agent/0.9.7
- version/intersect alliance snare agent/0.9.7a
- version/intersect alliance snare agent/0.9.8
- version/intersect alliance snare agent/1.0
- version/intersect alliance snare agent/1.1
- version/intersect alliance snare agent/1.2
- version/intersect alliance snare agent/1.3
- version/intersect alliance snare agent/1.4
- version/intersect alliance snare agent/1.4.1
- vendor/linux
- canonical/linux kernel
- vendor/sgi
- canonical/sgi irix
- canonical/intersect alliance snare epilog
- version/intersect alliance snare epilog/1.5.3
- version/intersect alliance snare epilog/1.1
- version/intersect alliance snare epilog/1.2
- version/intersect alliance snare epilog/1.3
- version/intersect alliance snare epilog/1.3.1
- version/intersect alliance snare epilog/1.3.3
- version/intersect alliance snare epilog/1.4.0
- version/intersect alliance snare epilog/1.5.0
- version/intersect alliance snare epilog/1.5.1
- version/intersect alliance snare epilog/1.5.2
- canonical/microsoft windows
- vendor/unix
- canonical/unix unix
- vendor/ibm
- canonical/ibm aix
- version/intersect alliance snare agent/1.1.4
- version/intersect alliance snare agent/1.0.1
- version/intersect alliance snare agent/1.1.0
- version/intersect alliance snare agent/1.1.1
- version/intersect alliance snare agent/1.1.2
- canonical/microsoft windows 7
- canonical/microsoft windows server 2008 itanium
- canonical/microsoft windows vista
- canonical/linux linux