{"containers": {"cna": {"affected": [{"product": "cobbler", "vendor": "cobbler", "versions": [{"status": "affected", "version": "2011-09-28"}]}], "descriptions": [{"lang": "en", "value": "cobbler: Web interface lacks CSRF protection when using Django framework"}], "problemTypes": [{"descriptions": [{"description": "UNKNOWN_TYPE", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-19T15:29:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2011-4952"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:39.818Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2011-4952"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4952", "datePublished": "2019-11-19T15:29:47", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:39.818Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cobblerd:cobbler:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CFB14EA-6617-42FD-8D8E-743B0DF942EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "cobbler: Web interface lacks CSRF protection when using Django framework"}, {"lang": "es", "value": "cobbler: La interfaz web carece de protecci\u00f3n contra un CSRF cuando es usado el framework Django."}], "id": "CVE-2011-4952", "lastModified": "2024-11-21T01:33:21.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2019-11-19T16:15:10.837", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-4952"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-4952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "(cobbler-web): Absent CSRF protection when using Django framework", "id": "811937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=811937"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-352", "details": ["cobbler: Web interface lacks CSRF protection when using Django framework"], "name": "CVE-2011-4952", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5.4", "fix_state": "Not affected", "package_name": "Server", "product_name": "Red Hat Satellite 5.4"}], "public_date": "2011-09-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-4952\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4952"], "statement": "This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as Red Hat Network Satellite Server did not include support for Cobbler web interface.", "threat_severity": "Moderate"}