CVE-2010-2268

Published: Jun 15, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.

Affected (1)

Products: Accoria: Rock Web Server

Accoria

1 product

Rock Web Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Accoria Rock Web Server	Version 1.4.7

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf

Source: cve@mitre.org

Exploit

http://www.kb.cert.org/vuls/id/245081

Source: cve@mitre.org

US Government Resource

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.kb.cert.org/vuls/id/245081

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.