CVE Vulnerabilities

CVE-2014-5347

Cross-Site Request Forgery (CSRF)

Published: Aug 19, 2014 | Modified: Sep 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.

Weakness

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Affected Software

Name Vendor Start Version End Version
Disqus_comment_system Disqus 2.55 2.55
Disqus_comment_system Disqus 2.68 2.68
Disqus_comment_system Disqus 2.45 2.45
Disqus_comment_system Disqus 2.52 2.52
Disqus_comment_system Disqus 2.69 2.69
Disqus_comment_system Disqus 2.46 2.46
Disqus_comment_system Disqus 2.40 2.40
Disqus_comment_system Disqus 2.48 2.48
Disqus_comment_system Disqus 2.49 2.49
Disqus_comment_system Disqus 2.67 2.67
Disqus_comment_system Disqus 2.74 2.74
Disqus_comment_system Disqus 2.65 2.65
Disqus_comment_system Disqus 2.60 2.60
Disqus_comment_system Disqus 2.43 2.43
Disqus_comment_system Disqus * 2.75
Disqus_comment_system Disqus 2.72 2.72
Disqus_comment_system Disqus 2.50 2.50
Disqus_comment_system Disqus 2.42 2.42
Disqus_comment_system Disqus 2.63 2.63
Disqus_comment_system Disqus 2.54 2.54
Disqus_comment_system Disqus 2.70 2.70
Disqus_comment_system Disqus 2.66 2.66
Disqus_comment_system Disqus 2.62 2.62
Disqus_comment_system Disqus 2.71 2.71
Disqus_comment_system Disqus 2.61 2.61
Disqus_comment_system Disqus 2.64 2.64
Disqus_comment_system Disqus 2.53 2.53
Disqus_comment_system Disqus 2.51 2.51
Disqus_comment_system Disqus 2.44 2.44
Disqus_comment_system Disqus 2.41 2.41
Disqus_comment_system Disqus 2.47 2.47
Disqus_comment_system Disqus 2.73 2.73

Potential Mitigations

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, use anti-CSRF packages such as the OWASP CSRFGuard. [REF-330]
  • Another example is the ESAPI Session Management control, which includes a component for CSRF. [REF-45]
  • Use the “double-submitted cookie” method as described by Felten and Zeller:
  • When a user visits a site, the site should generate a pseudorandom value and set it as a cookie on the user’s machine. The site should require every form submission to include this value as a form value and also as a cookie value. When a POST request is sent to the site, the request should only be considered valid if the form value and the cookie value are the same.
  • Because of the same-origin policy, an attacker cannot read or modify the value stored in the cookie. To successfully submit a form on behalf of the user, the attacker would have to correctly guess the pseudorandom value. If the pseudorandom value is cryptographically strong, this will be prohibitively difficult.
  • This technique requires Javascript, so it may not work for browsers that have Javascript disabled. [REF-331]

References