Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 03 Jan 2014 13:31:36 +1000
From: Arun Babu Neelicattu <abn@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Neo4J CSRF: Potential CVE candidate

Hi,

Last August, Dinis Cruz wrote a blog entry [1] detailing a CSRF attack
on a Neo4J Server resulting in an RCE. The server's documentation [2]
mentions the following.

"By default, the Neo4j Server comes with some places where arbitrary
code code execution can happen. These are the Section 19.15,
“Traversals” REST endpoints. To secure these, either disable them
completely by removing offending plugins from the server class-path, or
secure access to these URLs through proxies or Authorization Rules."

This could mean that the RCE itself is not CVE worthy as it is a
documented/expected behavior. However, should the CSRF flaw be
considered a vulnerability and assigned a CVE?

Regards,
Arun

[1]
http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
[2]
http://docs.neo4j.org/chunked/stable/security-server.html#_arbitrary_code_execution

-- 
Arun Neelicattu / Red Hat Security Response Team 
PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ