SUSE Manager Cross Site Request Forgery and URL Redirection Issues


Description   Two vulnerabilities have been identified in SUSE Manager, which could allow information manipulation or disclosure, or phishing attacks. These issues are caused by input validation errors in the web user interface and the login page, which could allow cross-site request forgery or URL redirection attacks.
     
Vulnerable Products   Vulnerable Software:
SUSE Manager 1.2 for SLE 11 SP1
     
Solution   Upgrade the affected packages: http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00007.html
     
CVE   CVE-2011-1594
CVE-2009-4139
     
References   http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00007.html
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     

Risk level   Moderate

Vulnerability First Public Report Date   2011-06-21

Target Type   Server

Possible exploit   Local & Remote