MySQL Enterprise Monitor < 2.1.2 Multiple XSRF Vulnerabilities

medium Nessus Plugin ID 46816

Synopsis

A web application running on the remote host is affected by multiple cross-site request forgery vulnerabilities.

Description

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host has multiple, unspecified cross-site request forgery vulnerabilities. A remote attacker can exploit these by tricking a user into unknowingly performing malicious actions.

Solution

Upgrade to MySQL Enterprise Monitor 2.1.2 or later.

See Also

http://www.nessus.org/u?2fb1c1be

http://www.nessus.org/u?7090189d

Plugin Details

Severity: Medium

ID: 46816

File Name: mysql_enterprise_monitor_2_1_2.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 6/7/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:enterprise_monitor

Required KB Items: installed_sw/MySQL Enterprise Monitor

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2010

Vulnerability Publication Date: 5/26/2010

Reference Information

BID: 40537