|HIO-2010-0426 Snare Agent Web Interface CSRF Vulnerability|
The web management interface for various Intersect Alliance Snare Agents and Epilog is vulnerable to cross-site request forgery attacks.
The applications allow users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the password or remote listening port by tricking a user into visiting a specially crafted link.
Updates are available from the vendor.
Vendor Solution: Update
|< Prev||Next >|