{"vuid":"VU#378688","idnumber":"378688","name":"Google Reader cross-site request forgery vulnerability","keywords":["Google Reader","CSRF","XSRF cross-site request forgery"],"overview":"Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed.","clean_desc":"Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds. Google Reader contains a cross-site request forgery (XSRF) vulnerability that could be used to prevent a user from logging on to the service. The Google Reader logoff button can be represented as a hyperlink. An attacker may be able to execute this link by supplying it as an image source in a malicious RSS feed. Once a user subscribes to the RSS feed, they will be unable to login to their Google Reader account. Note that an attacker would have to convince a user to load a malicious RSS feed to exploit this vulnerability.","impact":"A remote unauthenticated attacker may be able to prevent a user from logging in to Google Reader.","resolution":"We are currently unaware of a practical solution to this problem, however the following workarounds may help mitigate the vulnerability.","workarounds":"Do not load images from third party sites Preventing third party sites from loading images in your web browser may mitigate this vulnerability. See the references section of this document for information on how to block images in specific browsers.","sysaffected":"","thanks":"This issue was reported on the GNUCITIZEN blog.","author":"This document was written by Ryan Giobbi.","public":["http://reader.google.com","http://www.gnucitizen.org/blog/persistent-csrf-and-the-hotlink-hell/","http://www.microsoft.com/enable/training/ie6/pictures.aspx","http://kb.mozillazine.org/Permissions.default.image","http://michaeldaw.org/papers/hotlink_persistent_csrf","http://en.wikipedia.org/wiki/Cross-site_request_forgery"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-04-17T23:04:08Z","publicdate":"2007-04-16T00:00:00Z","datefirstpublished":"2007-04-18T16:06:54Z","dateupdated":"2007-09-12T17:22:56Z","revision":6,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"4","cam_impact":"3","cam_easeofexploitation":"17","cam_attackeraccessrequired":"11","cam_scorecurrent":"0.8415","cam_scorecurrentwidelyknown":"0.92565","cam_scorecurrentwidelyknownexploited":"1.76715","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.8415,"vulnote":null}