CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-2738

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile30.32th
Published2009年8月11日
Last Modified2026年4月23日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

Affected Platforms (CPE)

📦
Freenas

Freenas

<= 0.69.2
📦
Freenas

Freenas

= 0.69.1

References & Advisories

🔗 http://jvn.jp/en/jp/JVN15267895/index.html
🔗 http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html
🔗 http://www.freenas.org/index.php?option=com_frontpage&Itemid=22
🔗 http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html
🔗 http://jvn.jp/en/jp/JVN15267895/index.html
🔗 http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html
🔗 http://www.freenas.org/index.php?option=com_frontpage&Itemid=22
🔗 http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html

相关漏洞威胁

CVE-2014-53349.8

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui log...

CVE-2020-116507.5

An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of serv...

CVE-2009-27394.3

Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML v...

CVE-2010-20059

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php...