MySQL Enterprise Monitor 3.0.x < 3.0.19 Apache Struts Predictable Token XSRF

medium Nessus Plugin ID 83296

Synopsis

A web application running on the remote host is affected by a cross-site request forgery vulnerability.

Description

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability because the token generator fails to adequately randomize the token values. A remote attacker can exploit this by extracting a token from a form and then predicting the next token value that will be used to secure form submissions. By convincing a victim to visit a specially crafted form, the attacker can then use the predicted token value to force an action for a logged-in user.

Note that this vulnerability can only be exploited when the <s:token/> tag is used within a form.
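
The weakness class described above, shown as an added example that is not code from Struts, MySQL Enterprise Monitor, or the Nessus plugin: an anti-CSRF token drawn from a non-cryptographic PRNG next to one drawn from a CSPRNG and checked in constant time. The class and method names, the 165-bit token size, and the choice of java.util.Random as the weak generator are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Random;

public class CsrfTokenDemo {
    // Weak pattern (assumed for illustration): java.util.Random is a linear
    // congruential generator, so each token is a pure function of its state.
    static String weakToken(Random prng) {
        return new BigInteger(165, prng).toString(36).toUpperCase();
    }

    // Hardened pattern: tokens come from the platform CSPRNG, whose outputs
    // do not reveal later outputs.
    private static final SecureRandom CSPRNG = new SecureRandom();

    static String strongToken() {
        return new BigInteger(165, CSPRNG).toString(36).toUpperCase();
    }

    // Compare the session token with the submitted one without leaking,
    // through timing, how many leading characters matched.
    static boolean tokenMatches(String expected, String submitted) {
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed seed: two generators in the same state emit the same
        // "secret" token, which is why such tokens cannot protect a form.
        Random first = new Random(42L);
        Random second = new Random(42L);
        System.out.println("weak tokens identical: "
                + weakToken(first).equals(weakToken(second)));

        String sessionToken = strongToken();
        System.out.println("matching submit accepted: "
                + tokenMatches(sessionToken, sessionToken));
        System.out.println("mismatched submit accepted: "
                + tokenMatches(sessionToken, strongToken()));
    }
}
```

When reviewing a form-token implementation, check both properties shown here: the randomness source is a CSPRNG, and the server-side comparison rejects any value that is not the exact token issued to that session.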

Solution

Upgrade to MySQL Enterprise Monitor 3.0.19 or later.

See Also

http://www.nessus.org/u?56618dc1

http://struts.apache.org/docs/s2-023.html

https://issues.apache.org/jira/browse/WW-4423

Plugin Details

Severity: Medium

ID: 83296

File Name: mysql_enterprise_monitor_3_0_19.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 5/8/2015

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:enterprise_monitor, cpe:/a:apache:struts

Required KB Items: Settings/ParanoidReport, installed_sw/MySQL Enterprise Monitor

Exploit Ease: No known exploits are available

Patch Publication Date: 1/28/2015

Vulnerability Publication Date: 12/1/2014

Reference Information

CVE: CVE-2014-7809

BID: 71548