CVE-2011-2720
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
Affected products
n/a · n/a
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html
https://bugzilla.redhat.com/show_bug.cgi?id=726185
http://secunia.com/advisories/45366
http://secunia.com/advisories/45542
https://forge.indepnet.net/issues/3017
https://forge.indepnet.net/projects/glpi/repository/revisions/14951
https://forge.indepnet.net/projects/glpi/repository/revisions/14952
https://forge.indepnet.net/projects/glpi/repository/revisions/14954
https://forge.indepnet.net/projects/glpi/repository/revisions/14955
https://forge.indepnet.net/projects/glpi/repository/revisions/14956
https://forge.indepnet.net/projects/glpi/repository/revisions/14957