Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Title Snare Agent web interface cross-site request forgery vulnerabilities
Name VU#173009 First vendor Publication 2010-06-29
Vendor VU-CERT Last vendor Modification 2010-07-01
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#173009

Snare Agent web interface cross-site request forgery vulnerabilities


The Snare Agent web interface is susceptible to cross-site request forgery attacks.

I. Description

The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and are susceptible to a cross-site request forgery attack.

The vulnerability is reported in the following products and versions:

  • Snare for Solaris 3.2.3 and prior
  • Snare for Windows 3.1.7 and prior
  • Snare for Linux 1.5.0 and prior
  • Snare for AIX 1.5.0 and prior
  • Snare for Irix 1.4 and prior
  • Epilog for Windows 1.5.3 and prior
  • Epilog for Unix version 1.2 and prior

II. Impact

An attacker can change several agent settings, such as the password or listening port, if able to trick an administrator into visiting a specially crafted link.

III. Solution

The vendor has released patched versions of the agent to remediate this issue.

Vendor Information

VendorStatusDate NotifiedDate Updated
InterSect AllianceAffected2010-07-01




Thanks to Russ McRee for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2010-06-29
Date First Published:2010-06-29
Date Last Updated:2010-07-01
CERT Advisory: 
US-CERT Technical Alerts: 
Document Revision:15

Original Source

Url : http://www.kb.cert.org/vuls/id/173009

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 39
Application 10
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
65829 Snare Agent Multiple Unspecified CSRF

Snare Agent contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as change the password or remote listening port. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.