MySQL Enterprise Monitor < 2.3.20 Apache Struts Predictable Token XSRF

Medium Nessus Plugin ID 83294

Synopsis

A web application running on the remote host is affected by a cross-site request forgery vulnerability.

Description

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability because the token generator does not adequately randomize the token values. A remote attacker can exploit this by extracting a token from a form and then predicting the next token value that will be used to secure form submissions. By convincing a victim to visit a specially crafted form, the attacker can then use the predicted token value to force an action on behalf of a logged-in user.

Note that this vulnerability can only be exploited when the <s:token/> tag is used within a form.

Solution

Upgrade to MySQL Enterprise Monitor 2.3.20 or later.

See Also

http://www.nessus.org/u?56618dc1

http://struts.apache.org/docs/s2-023.html

https://issues.apache.org/jira/browse/WW-4423

Plugin Details

Severity: Medium

ID: 83294

File Name: mysql_enterprise_monitor_2_3_20.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 2015/05/08

Updated: 2018/11/28

Dependencies: 46815

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mysql:enterprise_monitor, cpe:/a:apache:struts

Required KB Items: installed_sw/MySQL Enterprise Monitor, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/02/17

Vulnerability Publication Date: 2014/12/01

Reference Information

CVE: CVE-2014-7809

BID: 71548