Neo4J Server Cross Site Request Forgery

2014.01.03
Credit: Arun Neelicattu
Risk: Low
Local: Yes
Remote: Yes
CVE: CVE-2013-7259
CWE: CWE-78


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hi, Last August, Dinis Cruz wrote a blog entry [1] detailing a CSRF attack on a Neo4J Server resulting in an RCE. The server's documentation [2] mentions the following. "By default, the Neo4j Server comes with some places where arbitrary code code execution can happen. These are the Section 19.15, “Traversals” REST endpoints. To secure these, either disable them completely by removing offending plugins from the server class-path, or secure access to these URLs through proxies or Authorization Rules." This could mean that the RCE itself is not CVE worthy as it is a documented/expected behavior. However, should the CSRF flaw be considered a vulnerability and assigned a CVE? Regards, Arun [1] http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html [2] http://docs.neo4j.org/chunked/stable/security-server.html#_arbitrary_code_execution -- Arun Neelicattu / Red Hat Security Response Team PGP: 0xC244393B 5229 F596 474F 00A1 E416 CF8B 36F5 5054 C244 393B

References:

http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
http://docs.neo4j.org/chunked/stable/security-server.html#_arbitrary_code_execution
http://seclists.org/oss-sec/2014/q1/13


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top