CVE-2012-3362

Published: 12 July 2012

Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.

Priority

Status

Package	Release	Status
extplorer Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Released (2.1.0b6+dfsg.2-1+squeeze1build0.11.04.1)
	oneiric	Ignored (end of life)
	precise	Ignored (end of life)
	quantal	Not vulnerable (2.1.0b6+dfsg.3-3)
	raring	Not vulnerable (2.1.0b6+dfsg.3-3)
	saucy	Not vulnerable (2.1.0b6+dfsg.3-3)
	trusty	Does not exist (trusty was not-affected [2.1.0b6+dfsg.3-3])
	upstream	Released (2.1.0b6+dfsg.3-3)
	utopic	Not vulnerable (2.1.0b6+dfsg.3-3)
	vivid	Not vulnerable (2.1.0b6+dfsg.3-3)
	wily	Not vulnerable (2.1.0b6+dfsg.3-3)
	xenial	Not vulnerable (2.1.0b6+dfsg.3-3)
	yakkety	Does not exist
	zesty	Does not exist
	Patches: vendor: http://www.debian.org/security/2012/dsa-2510

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2012-3362

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading