Cross-Site Request Forgery in Filr admin (CVE-2016-1607)

  • 7017786
  • 29-Jun-2016
  • 22-Jul-2016

Environment

Novell Filr 2.0
Novell Filr 1.2

Situation

A vulnerability in the HTML form processing of Novell Filr admin may allow a remote attacker to make a request using the session of an authenticated admin by coaxing the admin into visiting or interacting with a malicious website.

Resolution

A fix for this issue is included in Filr 2.0 Security Update 2, which is available via the Novell Patch Finder.

If you're running Filr 1.2 or older, please upgrade to Filr 2.0 Security Update 2.

CVE-2016-1607.
Special thanks to Wolfgang Ettlinger working with SEC Consult Vulnerability Lab for reporting this vulnerability to Micro Focus.