List: oss-security
Subject: Re: [oss-security] Piwik <= 0.4.5 Cookie Unserialize()
From: Josh Bressers <bressers () redhat ! com>
Date: 2009-12-10 16:24:30
Message-ID: 106755777.1035741260462270839.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2009-4137 for this.
Sadly I can't find other references. Even the Piwik changelog is a bit silent
on this.
Thanks.
--
JB
----- "Eren Türkay" <eren@pardus.org.tr> wrote:
> Hello,
>
> Piwik is an open source web analytics software program used by various
> sites.
>
> Stefan Esser found a vulnerability in Piwik, which can allow arbitrary files
> to be written into writable locations on the webserver. He says it is also
> possible to execute arbitrary PHP code directly in newer versions of Piwik.
>
> The original advisory is here:
> http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/
>
> I think it is worth assigning a CVE.
>
> Regards,
> Eren