CVE-2008-0182

{"id": "CVE-2008-0182", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-02-05T00:00:00.000", "references": [{"url": "http://secunia.com/advisories/28742", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://support.liferay.com/browse/LEP-4739", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/767825", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el portlet Admin de Liferay Portal en versiones anteriores a 4.4.0. Permite a usuario autenticados remotamente realizar acciones sin especificar como otros usuarios autenticados sin especificar a trav\u00e9s del mensaje de Shutdown (apagado)."}], "lastModified": "2008-09-05T21:34:24.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:liferay:liferay_enterprise_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68EA9FF6-2115-409D-9523-B1CA74941FB5", "versionEndIncluding": "4.3.6"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}