CVE-2013-0532: CSRF
First published: Fri Mar 29 2013(Updated: )
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security AppScan | =5.6.0.0 | |
| IBM Security AppScan | =8.0.0.0 | |
| IBM Security AppScan | =8.0.0.1 | |
| IBM Security AppScan | =8.0.0.2 | |
| IBM Security AppScan | =8.0.1.0 | |
| IBM Security AppScan | =8.0.1.1 | |
| IBM Security AppScan | =8.0.11 | |
| IBM Security AppScan | =8.5.0.0 | |
| IBM Security AppScan | =8.5.0.1 | |
| IBM Security AppScan | =8.6.0.0 | |
| IBM Security AppScan | =8.6.0.1 | |
| IBM Security AppScan | =8.6.0.2 | |
| IBM Rational Policy Tester | =5.6.0.0 | |
| IBM Rational Policy Tester | =8.0.0.0 | |
| IBM Rational Policy Tester | =8.0.0.1 | |
| IBM Rational Policy Tester | =8.0.0.2 | |
| IBM Rational Policy Tester | =8.0.1.0 | |
| IBM Rational Policy Tester | =8.0.1.1 | |
| IBM Rational Policy Tester | =8.5.0.0 | |
| IBM Rational Policy Tester | =8.5.0.1 | |
| IBM Rational Policy Tester | =8.5.0.2 | |
| IBM Rational Policy Tester | =8.5.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0532?
CVE-2013-0532 is categorized with a medium severity due to its potential for allowing cross-site request forgery attacks.
How do I fix CVE-2013-0532?
To fix CVE-2013-0532, upgrade to IBM Security AppScan Enterprise version 8.7 or later, or IBM Rational Policy Tester version 8.5.0.4 or later.
What types of software are affected by CVE-2013-0532?
CVE-2013-0532 affects IBM Security AppScan Enterprise versions 5.6 and 8.x prior to 8.7, and IBM Rational Policy Tester versions 5.6 and 8.x prior to 8.5.0.4.
What attack vector does CVE-2013-0532 exploit?
CVE-2013-0532 exploits cross-site request forgery to hijack user authentication for denial of service attacks.
Which versions of IBM Security AppScan are vulnerable to CVE-2013-0532?
Versions 5.6.0.0, 8.0.0.0 through 8.0.11, and 8.5.0.0 through 8.6.0.2 of IBM Security AppScan Enterprise are vulnerable to CVE-2013-0532.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm security appscan
- version/ibm security appscan/5.6.0.0
- version/ibm security appscan/8.0.0.0
- version/ibm security appscan/8.0.0.1
- version/ibm security appscan/8.0.0.2
- version/ibm security appscan/8.0.1.0
- version/ibm security appscan/8.0.1.1
- version/ibm security appscan/8.0.11
- version/ibm security appscan/8.5.0.0
- version/ibm security appscan/8.5.0.1
- version/ibm security appscan/8.6.0.0
- version/ibm security appscan/8.6.0.1
- version/ibm security appscan/8.6.0.2
- canonical/ibm rational policy tester
- version/ibm rational policy tester/5.6.0.0
- version/ibm rational policy tester/8.0.0.0
- version/ibm rational policy tester/8.0.0.1
- version/ibm rational policy tester/8.0.0.2
- version/ibm rational policy tester/8.0.1.0
- version/ibm rational policy tester/8.0.1.1
- version/ibm rational policy tester/8.5.0.0
- version/ibm rational policy tester/8.5.0.1
- version/ibm rational policy tester/8.5.0.2
- version/ibm rational policy tester/8.5.0.3