CVE-2011-0545 Information
Description
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts and possibly have unspecified other impact via the userRole parameter.
Reference
http://secunia.com/advisories/43820 http://securityreason.com/securityalert/8160 http://securitytracker.com/id?1025242 http://sotiriu.de/adv/NSOADV-2011-001.txt http://www.exploit-db.com/exploits/17026 http://www.osvdb.org/71261 http://www.securityfocus.com/archive/1/517109/100/0/threaded http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00 http://www.vupen.com/english/advisories/2011/0727 https://exchange.xforce.ibmcloud.com/vulnerabilities/66213
Share on: