mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-15 03:14:23 +00:00
5e7bd302a1
Vulnerability Details
=====================
Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
attribute when making POST requests to xmlrpc.cgi,
a possible CSRF vulnerability was discovered. If a user
visits an HTML page with some malicious HTML code in it,
an attacker could make changes to a remote Bugzilla installation
on behalf of the victim's account by using the XML-RPC API
on a site running mod_perl. Sites running under mod_cgi
are not affected. Also the user would have had to be
already logged in to the target site for the vulnerability
to work.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453
Approved by: skv (implicit)
|
||
|---|---|---|
| .. | ||
| acroread8 | ||
| acroread9 | ||
| alt-aspell | ||
| aspell | ||
| BBBike | ||
| bsdforen-firefox-searchplugin | ||
| bsdgroup-firefox-searchplugin | ||
| bsdpaste | ||
| bugzilla | ||
| bugzilla3 | ||
| calligra-l10n | ||
| dict | ||
| digibux | ||
| ding | ||
| dtaus | ||
| eric4 | ||
| geonext | ||
| gimp-help | ||
| hunspell | ||
| hyphen | ||
| ispell | ||
| ispell-alt | ||
| ispell-neu | ||
| jdictionary-eng-ger | ||
| jdictionary-ger-hun | ||
| kde3-i18n | ||
| kde4-l10n | ||
| kheisereg | ||
| koffice-i18n | ||
| koffice-kde4-l10n | ||
| ksteak | ||
| manpages | ||
| mediathek | ||
| MT | ||
| mythes | ||
| pecl-konto_check | ||
| phone | ||
| php_doc | ||
| schwobifyer | ||
| selfhtml | ||
| steak | ||
| tipp10 | ||
| unix-connect | ||
| vtiger | ||
| webalizer2 | ||
| wordpress | ||
| Makefile | ||
| Makefile.inc | ||