Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3759

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.

Published

2009-10-22T17:30:00.517

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	xencenterweb	-	Yes

References

http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt Broken Link ([email protected])
http://securitytracker.com/id?1022520 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.exploit-db.com/exploits/9106 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/504764 Broken Link, Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/35592 Broken Link, Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2009/1814 Broken Link, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/51576 Third Party Advisory, VDB Entry ([email protected])
http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1022520 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/9106 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/504764 Broken Link, Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35592 Broken Link, Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1814 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51576 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)