----------------------------------------------------------------------

Are you missing:

SECUNIA ADVISORY ID:

Critical:

Impact:

Where:

within the advisory below?

This is now part of the Secunia commercial solutions.

Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
        
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/

----------------------------------------------------------------------

TITLE:
A-A-S Application Access Server Cross-Site Request Forgery
Vulnerability

SECUNIA ADVISORY ID:
SA35034

VERIFY ADVISORY:
http://secunia.com/advisories/35034/

DESCRIPTION:
A vulnerability has been discovered in A-A-S Application Access
Server, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

The application's web interface allows users to perform certain
actions via HTTP requests without performing any validity checks to
verify the requests. This can be exploited to e.g. execute arbitrary
commands or kill arbitrary processes when a logged in administrator
views a malicious web page.

The vulnerability is confirmed in version 2.0.48. Other versions may
also be affected.

SOLUTION:
Do not browse untrusted sites while being logged in to the
application.

PROVIDED AND/OR DISCOVERED BY:
Felipe Aragon, Syhunt

ORIGINAL ADVISORY:
http://www.syhunt.com/?section=resources.advisories&id=aas-multiple

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------