CSRF Vulnerabilities in Citrix XenCenterWeb Affecting Administrator Authentication
CVE-2009-3759
What is CVE-2009-3759?
Multiple cross-site request forgery (CSRF) vulnerabilities exist in the XenServer Resource Kit sample code in Citrix XenCenterWeb. They allow remote attackers to hijack the authentication of administrators: a crafted request sent from an administrator's authenticated browser can change a password through the config/changepw.php page or stop a virtual machine through the hardstopvm.php script via the stop_vmname parameter. This puts the integrity and availability of virtual resources at risk.
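
The check that handlers such as config/changepw.php and hardstopvm.php need before acting is a per-session anti-CSRF token on a POST-only request. The following is an added example, not Citrix or Resource Kit code; the function names, the `csrf_token` field and the `vm-example` value are assumptions made for illustration.

```php
<?php
// Added example: synchronizer-token CSRF guard for state-changing handlers.
// Function names and the 'csrf_token' field are assumptions, not Citrix code.

// Create (once per session) and return the token to embed in each form.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random value
    }
    return $session['csrf_token'];
}

// True only for a POST whose body carries the session's token.
function csrf_request_allowed(array $session, string $method, array $form): bool
{
    if ($method !== 'POST') {
        return false; // state changes must never be reachable via GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $form['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued, or an array/empty value was submitted
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// In a real handler: csrf_request_allowed($_SESSION, $_SERVER['REQUEST_METHOD'], $_POST)
// Constructed requests against a stop-VM style handler ('vm-example' is made up).
$session = [];
$token = csrf_issue_token($session);
$requests = [
    'cross-site GET, no token'  => ['GET',  ['stop_vmname' => 'vm-example']],
    'cross-site POST, no token' => ['POST', ['stop_vmname' => 'vm-example']],
    'POST with wrong token'     => ['POST', ['stop_vmname' => 'vm-example', 'csrf_token' => str_repeat('0', 64)]],
    'POST from the real form'   => ['POST', ['stop_vmname' => 'vm-example', 'csrf_token' => $token]],
];
foreach ($requests as $label => [$method, $form]) {
    $ok = csrf_request_allowed($session, $method, $form);
    printf("%-26s => %s\n", $label, $ok ? 'allowed' : 'rejected (HTTP 403)');
}
```

Only the request that carries the token issued to the administrator's own session passes; a request triggered from another site cannot read that token and is rejected before any password or VM state changes.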
