CVE-2012-4002

CVSS V2 Medium 6.8 CVSS V3 None
Description
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Overview
  • CVE ID
  • CVE-2012-4002
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2012-10-09T23:55:04
  • Last Modified Date
  • 2013-04-11T03:30:31
Weakness Enumerations
CWE URL
CWE-352 http://cwe.mitre.org/data/definitions/352.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* 1 OR 0.83.2
cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.40:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.41:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.51:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.51a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.65:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.65:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.65:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.68:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.68:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.68:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.68:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.68.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.68.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.68.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.70:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.70:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.70:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.70:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.70.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.70.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.1:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.1:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.1:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.71.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.72.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.78:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.78.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.78.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.78.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.78.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.78.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.80.61:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.83:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glpi-project:glpi:0.83.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
https://forge.indepnet.net/issues/3707
https://forge.indepnet.net/issues/3704
http://www.openwall.com/lists/oss-security/2012/07/13/1
https://forge.indepnet.net/projects/glpi/versions/771
http://www.mandriva.com/security/advisories?name=MDVSA-2012:132
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-4002
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4002
History
Created Old Value New Value Data Type Notes
2022-05-10 10:46:04 Added to TrackCVE