
List:       oss-security
Subject:    Re: [oss-security] CVE request: CSRF in eXtplorer
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-06-27 7:08:24
Message-ID: 4FEAB168.3010305 () redhat ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/25/2012 04:34 PM, Moritz Muehlenhoff wrote:
> Kurt Seifried wrote:
> 
>>> John Leitch has discovered a CSRF vulnerability in eXtplorer: 
>>> http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html
>>> 
>>> Can you please assign a CVE id to it?
>>> 
>>> Cheers, luciano
>> 
>> Does this affect any versions other than just 2.1 RC3?
> 
> The upstream version, which is in Debian stable (2.1.0b6, I suppose
> that refers to beta6) is affected and was released in 2010, so this
> is not just a regression in a short-lived release candidate.
> 
> Cheers, Moritz

Please use CVE-2012-3362 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----