FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2720

This CVE name corresponds to:

Entered Topic
2012-02-10 glpi -- remote attack via crafted POST request

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-2720
Phase Assigned (20110711)

Description

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

References

Source Reference
MLIST [oss-security] 20110725 CVE Request -- GLPI -- Properly blacklist some sensitive fields
MLIST [oss-security] 20110726 Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields
CONFIRM http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=726185
CONFIRM https://forge.indepnet.net/issues/3017
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14951
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14952
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14954
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14955
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14956
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14957
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14958
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14960
CONFIRM https://forge.indepnet.net/projects/glpi/repository/revisions/14966
CONFIRM https://forge.indepnet.net/projects/glpi/versions/605
FEDORA FEDORA-2011-9639
FEDORA FEDORA-2011-9690
MANDRIVA MDVSA-2012:014
BID 48884
SECUNIA 45366
SECUNIA 45542