← Back

CVE-2010-2594

nvd nist
Published: Jul 2, 2010Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

Affected (51)

Intersect Alliance
2 products
Snare Agent
Snare Epilog
Configuration A
14 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Intersect Alliance
Snare Agent
Up to 3.2.3
Snare Agent
Version 2.0
Snare Agent
Version 2.1
Snare Agent
Version 2.3
Snare Agent
Version 2.4
Snare Agent
Version 2.5.2
Snare Agent
Version 2.5.3
Snare Agent
Version 2.5.4
Snare Agent
Version 2.5.6
Snare Agent
Version 2.5.7
Snare Agent
Version 2.5
Snare Agent
Version 3.2.0
Snare Agent
Version 3.2.1
Snare Agent
Version 3.2.2
Running on/withPlatform Versions
Sun
Solaris
All versions
Configuration B
8 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Snare Agent
Up to 3.1.7
Snare Agent
Version 3.0.0
Snare Agent
Version 3.1.0
Snare Agent
Version 3.1.2
Snare Agent
Version 3.1.3
Snare Agent
Version 3.1.4
Snare Agent
Version 3.1.5
Snare Agent
Version 3.1.6
Running on/withPlatform Versions
Microsoft
Windows 2000
All versions
Microsoft
Windows 2003 Server
All versions
Microsoft
Windows Xp
All versions
Configuration C
7 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snare Agent
Version 0.9.2
Snare Agent
Version 0.9.6
Snare Agent
Version 0.9.7
Snare Agent
Version 0.9.7a
Snare Agent
Version 0.9.8
Snare Agent
Version 1.1
Snare Agent
Version 1.4.1
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snare Agent
Up to 1.4
Running on/withPlatform Versions
Sgi
Irix
All versions
Configuration E
9 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snare Epilog
Up to 1.5.3
Snare Epilog
Version 1.2
Snare Epilog
Version 1.3.1
Snare Epilog
Version 1.3.3
Snare Epilog
Version 1.3
Snare Epilog
Version 1.4.0
Snare Epilog
Version 1.5.0
Snare Epilog
Version 1.5.1
Snare Epilog
Version 1.5.2
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration F
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snare Epilog
Up to 1.2
Snare Epilog
Version 1.1
Running on/withPlatform Versions
Unix
Unix
All versions
Configuration G
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snare Agent
Up to 1.5.0
Snare Agent
Version 1.2
Snare Agent
Version 1.3
Snare Agent
Version 1.4
Running on/withPlatform Versions
Ibm
Aix
All versions
Configuration H
6 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Snare Agent
Up to 1.1.4
Snare Agent
Version 1.0.1
Snare Agent
Version 1.0
Snare Agent
Version 1.1.0
Snare Agent
Version 1.1.1
Snare Agent
Version 1.1.2
Running on/withPlatform Versions
Microsoft
Windows 7
All versions
Microsoft
Windows Server 2008
All versions
Microsoft
Windows Vista
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.