Vulnerability name: Samba Web Administration Tool Cross-Site Request Forgery +PoC
Disclosure date: 2011.08.01
Risk level: Low
Vulnerability type: Cross-Site Request Forgery (CSRF)
CVE ID: CVE-2011-2522
CWE ID: CWE-352
CVSS base score: 6.8/10
Description: The vulnerability exists in the Samba Web Administration Tool (SWAT) and allows remote attackers to carry out CSRF attacks via crafted requests.
Affected versions: Samba 3.0.x - 3.5.9 (inclusive)
Fixed version: Samba 3.5.10
Product homepage: http://www.samba.org/
Related links:
- Bugzilla: https://bugzilla.samba.org/show_bug.cgi?id=8290
- Bugzilla Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=721348
- Xforce: http://xforce.iss.net/xforce/xfdb/68843
- Securityfocus: http://www.securityfocus.com/bid/48899
- Samba Security: http://www.samba.org/samba/security/CVE-2011-2522
- Mandriva: http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
- Exploit-db: http://www.exploit-db.com/exploits/17577
- Securitytracker: http://securitytracker.com/id?1025852
- Securityfocus: http://securityfocus.com/advisories/45393
- Samba History: http://samba.org/samba/history/samba-3.5.10.html
- JVN: http://jvn.jp/en/jp/JVN29529126/index.html