List: oss-security
Subject: Re: [oss-security] CVE Request -- GLPI -- Properly blacklist some
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-07-26 19:57:34
Message-ID: 1048604435.1604666.1311710254688.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2011-2720.
Thanks.
--
JB
----- Original Message -----
> Hello Josh, Steve, vendors,
>
> it was found that GLPI, the Information Resource-Manager with an
> additional Administration-Interface, did not properly blacklist certain
> sensitive variables (like GLPI username and password). A remote attacker
> could use this flaw to obtain access to plaintext form of these values
> via specially-crafted HTTP POST request.
>
> References:
> [1] http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
> [2] https://forge.indepnet.net/projects/glpi/versions/605
> [3] https://forge.indepnet.net/issues/3017
>
> Relevant patches:
> [4] https://forge.indepnet.net/projects/glpi/repository/revisions/14951
> [5] https://forge.indepnet.net/projects/glpi/repository/revisions/14952
> [6] https://forge.indepnet.net/projects/glpi/repository/revisions/14954
> [7] https://forge.indepnet.net/projects/glpi/repository/revisions/14955
> [8] https://forge.indepnet.net/projects/glpi/repository/revisions/14956
> [9] https://forge.indepnet.net/projects/glpi/repository/revisions/14957
> [10] https://forge.indepnet.net/projects/glpi/repository/revisions/14958
> [11] https://forge.indepnet.net/projects/glpi/repository/revisions/14960
> [12] https://forge.indepnet.net/projects/glpi/repository/revisions/14966
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team