CGI Generic Cross-Site Request Forgery Detection (potential)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server might be prone to cross-site request forgery

Description :

The spider found HTML forms on the remote web server. Some CGI
scripts do not appear to be protected by random tokens, a common
anti-cross-site request forgery (CSRF) protection. The web
application might be vulnerable to CSRF attacks.

Note that :

- Nessus did not exploit the flaw,
- Nessus cannot identify sensitive actions -- for example, on an
online bank, consulting an account is less sensitive than
transferring money.

You will have to audit the source of the CGI scripts and check if they
are actually affected.

See also :

Solution :

Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.

Risk factor :

Medium / CVSS Base Score : 6.4

Family: CGI abuses

Nessus Plugin ID: 56818 ()

Bugtraq ID: