5e7bd302a1
Vulnerability Details
=====================
Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
attribute when making POST requests to xmlrpc.cgi,
a possible CSRF vulnerability was discovered. If a user
visits an HTML page with some malicious HTML code in it,
an attacker could make changes to a remote Bugzilla installation
on behalf of the victim's account by using the XML-RPC API
on a site running mod_perl. Sites running under mod_cgi
are not affected. Also the user would have had to be
already logged in to the target site for the vulnerability
to work.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453
Approved by: skv (implicit)
|
||
|---|---|---|
| .. | ||
| artwiz-ru | ||
| aspell | ||
| bugzilla3-ru | ||
| bugzilla-ru | ||
| calligra-l10n | ||
| d1489 | ||
| eric4 | ||
| fortune-bashorgru | ||
| fortuneru | ||
| gd | ||
| gimp-help | ||
| hunspell | ||
| hyphen | ||
| ircd-hybrid | ||
| kde3-i18n | ||
| kde4-l10n | ||
| koffice-i18n | ||
| koffice-kde4-l10n | ||
| koi2koi | ||
| koi8r-ps | ||
| ksocrat | ||
| libcyrillic | ||
| MT | ||
| mueller-dic | ||
| muttprint | ||
| mythes | ||
| napster | ||
| p5-Convert-Cyrillic | ||
| p5-cyrillic | ||
| p5-Lingua-DetectCyrillic | ||
| p5-Lingua-RU-Charset | ||
| p5-XML-Parser-encodings | ||
| prawda | ||
| pscyr | ||
| rubygem-russian | ||
| rubygem-rutils | ||
| rus-ispell | ||
| rux | ||
| stardict-bars | ||
| stardict-computer | ||
| stardict-dal | ||
| stardict-engcom | ||
| stardict-mueller7 | ||
| stardict-mueller7accent | ||
| stardict-pc | ||
| tac+ia | ||
| tidyup-mail | ||
| unzip | ||
| wmcyrx | ||
| wordpress | ||
| xcode | ||
| xcyrBGR | ||
| xmms | ||
| xpi-tabextensions | ||
| xruskb | ||
| Makefile | ||
| Makefile.inc | ||