mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-27 05:10:36 +00:00
5e7bd302a1
Vulnerability Details
=====================

Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2

Description: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious HTML code in it, an attacker could make changes to a remote Bugzilla installation on behalf of the victim's account by using the XML-RPC API on a site running mod_perl. Sites running under mod_cgi are not affected. Also the user would have had to be already logged in to the target site for the vulnerability to work.

References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453

Approved by: skv (implicit)

||
---|---|---|
acroread8 | ||
acroread9 | ||
alt-aspell | ||
aspell | ||
BBBike | ||
bsdforen-firefox-searchplugin | ||
bsdgroup-firefox-searchplugin | ||
bsdpaste | ||
bugzilla | ||
bugzilla3 | ||
calligra-l10n | ||
dict | ||
digibux | ||
ding | ||
dtaus | ||
eric4 | ||
geonext | ||
gimp-help | ||
hunspell | ||
hyphen | ||
ispell | ||
ispell-alt | ||
ispell-neu | ||
jdictionary-eng-ger | ||
jdictionary-ger-hun | ||
kde3-i18n | ||
kde4-l10n | ||
kheisereg | ||
koffice-i18n | ||
koffice-kde4-l10n | ||
ksteak | ||
manpages | ||
mediathek | ||
MT | ||
mythes | ||
pecl-konto_check | ||
phone | ||
php_doc | ||
schwobifyer | ||
selfhtml | ||
steak | ||
tipp10 | ||
unix-connect | ||
vtiger | ||
webalizer2 | ||
wordpress | ||
Makefile | ||
Makefile.inc |