製品・ソフトウェアに関する情報

JVN脆弱性詳細

Snare Agent の Web インターフェースにクロスサイトリクエストフォージェリの脆弱性

Title	Snare Agent の Web インターフェースにクロスサイトリクエストフォージェリの脆弱性
Summary	Snare Agent の Web インターフェースには、クロスサイトリクエストフォージェリの脆弱性が存在します。
Possible impacts	悪意あるページを読み込んだ場合、意図せず Snare Agent の設定を変更される可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに最新版へアップデートしてください。
Publication Date	June 30, 2010, midnight
Registration Date	July 22, 2010, 8:51 p.m.
Last Update	July 22, 2010, 8:51 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

InterSect Alliance International Pty

Epilog for Unix 1.2 およびそれ以前

Epilog for Windows 1.5.3 およびそれ以前

Snare for AIX 1.5.0 およびそれ以前

Snare for Irix 1.4 およびそれ以前

Snare for Linux 1.5.0 およびそれ以前

Snare for Solaris 3.2.3 およびそれ以前

Snare for Windows 3.1.7 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-2594	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2594
National Vulnerability Database (NVD)
2	CVE-2010-2594	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2594

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-352	https://jvndb.jvn.jp/ja/cwe/CWE-352.html

ベンダー情報

No	Name	URL
InterSect Alliance
1	Snare - Audit Log and EventLog analysis	http://www.intersectalliance.com/projects/index.html

その他

No	Name	URL
JVN
1	JVNVU#173009	http://jvn.jp/cert/JVNVU173009
Secunia Advisory
2	SA39562	http://secunia.com/advisories/39562
US-CERT Vulnerability Note
3	VU#173009	http://www.kb.cert.org/vuls/id/173009

Change Log

No	Changed Details	Date of change
0	[2010年07月22日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-2594

Summary	Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
Publication Date	July 2, 2010, 9:43 p.m.
Registration Date	Jan. 29, 2021, 11:03 a.m.
Last Update	Nov. 21, 2024, 10:16 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			3.2.3
cpe:2.3:a:intersect_alliance:snare_agent:2.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.6:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.7:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.2:::::::*
execution environment
1	cpe:2.3:o:sun:solaris::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			3.1.7
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.5:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.6:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows_2000::::::::
2	cpe:2.3:o:microsoft:windows_2003_server::::::::
3	cpe:2.3:o:microsoft:windows_xp::::::::

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			1.5.0
cpe:2.3:a:intersect_alliance:snare_agent:0.9.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.6:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7a:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.8:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.4.1:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			1.4
cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:::::::*
execution environment
1	cpe:2.3:o:sgi:irix::::::::

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_epilog::::::::			1.5.3
cpe:2.3:a:intersect_alliance:snare_epilog:1.1:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.1:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.3:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.4.0:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.0:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.1:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.2:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows::::::::

Configuration6		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_epilog::::::::			1.2
cpe:2.3:a:intersect_alliance:snare_epilog:1.1:::::::*
execution environment
1	cpe:2.3:o:unix:unix::::::::

Configuration7		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			1.5.0
cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.4:::::::*
execution environment
1	cpe:2.3:o:ibm:aix::::::::

Configuration8		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			1.1.4
cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.0.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.2:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows_7::::::::
2	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
3	cpe:2.3:o:microsoft:windows_vista::::::::

Related information, measures and tools

No	URL	タグ
1	http://holisticinfosec.org/content/view/144/45/	Third Party Advisory
2	http://holisticinfosec.org/content/view/144/45/	Third Party Advisory
3	http://secunia.com/advisories/39562	Broken Link
4	http://secunia.com/advisories/39562	Broken Link
5	http://www.kb.cert.org/vuls/id/173009	Third Party Advisory US Government Resource
6	http://www.kb.cert.org/vuls/id/173009	Third Party Advisory US Government Resource
7	http://www.securityfocus.com/bid/41226	Third Party Advisory VDB Entry
8	http://www.securityfocus.com/bid/41226	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-352	クロスサイト・リクエスト・フォージェリ（CSRF）	https://cwe.mitre.org/data/definitions/352.html
2	CWE-352	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			3.2.3
cpe:2.3:a:intersect_alliance:snare_agent:2.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.6:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:2.5.7:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.2.2:::::::*
execution environment
1	cpe:2.3:o:sun:solaris::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			3.1.7
cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.5:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:3.1.6:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows_2000::::::::
2	cpe:2.3:o:microsoft:windows_2003_server::::::::
3	cpe:2.3:o:microsoft:windows_xp::::::::

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			1.5.0
cpe:2.3:a:intersect_alliance:snare_agent:0.9.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.6:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.7a:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:0.9.8:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.3:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.4:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.4.1:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_epilog::::::::			1.5.3
cpe:2.3:a:intersect_alliance:snare_epilog:1.1:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.2:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.1:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.3.3:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.4.0:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.0:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.1:::::::*
cpe:2.3:a:intersect_alliance:snare_epilog:1.5.2:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows::::::::

Configuration8		or higher	or less	more than	less than
cpe:2.3:a:intersect_alliance:snare_agent::::::::			1.1.4
cpe:2.3:a:intersect_alliance:snare_agent:1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.0.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.0:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.1:::::::*
cpe:2.3:a:intersect_alliance:snare_agent:1.1.2:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows_7::::::::
2	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
3	cpe:2.3:o:microsoft:windows_vista::::::::