QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4139

Published: Jul 27, 2011

Modified: Apr 28, 2026

PUBLISHED

CVSS v3.1

6.8

MEDIUM

Description

A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

http://securitytracker.com/id?1025674

http://www.redhat.com/support/errata/RHSA-2011-0879.html

https://access.redhat.com/security/cve/CVE-2009-4139

vdb-entry

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=529483

https://exchange.xforce.ibmcloud.com/vulnerabilities/68074

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.