Advisories

Lastline Portal Cross-Site Request Forgery (CSRF)

Dell SecureWorks Security Advisory SWRX-2015-002 Monday, June 8, 2015

Advisory Information

Title: Lastline Portal Cross-Site Request Forgery (CSRF)
Advisory ID: SWRX-2015-002
Date published: Monday, June 8, 2015
CVE: CVE-2015-4125
CVSS v2 base score: 5.1
Date of last update: Monday, June 8, 2015
Vendors contacted: Lastline
Release mode: Coordinated
Discovered by: Dana James Traversie and Sean Wright, Dell SecureWorks

Summary

Lastline is a breach detection platform that provides administrative functionality and other features via a dedicated web application. There are multiple vulnerabilities in the Lastline Portal web application due to insufficient or missing CSRF defenses. An unauthenticated, remote attacker could conduct cross-site request forgery (CSRF) attacks by persuading a user to follow a malicious link or visit an attacker-controlled website.

Download the PDF: SWRX-2015-002

PGP Signature

Lastline Portal Cross-Site Request Forgery (CSRF)

Advisory Information

Summary

Related Content

LV Ransomware

USAID-Themed Phishing Campaign Leverages U.S. Elections Lure

Counter Threat Unit Researchers Publish Threat Group Definitions