oss-sec mailing list archives
Re: CVE request: CSRF in eXtplorer
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 27 Jun 2012 01:08:24 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/25/2012 04:34 PM, Moritz Muehlenhoff wrote:
Kurt Seifried wrote:John Leitch has discovered a CSRF vulnerability in eXtplorer: http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross- site.Request.Forgery_174.html Can you please assign a CVE id to it? Cheers, lucianoDoes this affect any versions other than just 2.1 RC3?The upstream version, which is in Debian stable (2.1.0b6, I suppose that refers to beta6) is affected and was released in 2010, so this is not just a regression in a short-lived release candidate. Cheers, Moritz
Please use CVE-2012-3362 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP6rFoAAoJEBYNRVNeJnmT67QQALffg4LsBWnWEKeeg7zzn52y Xt33VLQVGcuRPV89AF6csYA8DpukcGm7xdywp6mJugLnM+HwazpBBoO/eMGCUlYg aAord9gNLh6nmI76jXnDUq0djpSogpttw9zRuN9hI8w6OL/UqVTo4V8PfATPCasW OtA/q6SiYK6fED6TuZtsgln72C+llYVY6UZMee/DTgG5WtXRUwQ01o4Xn9ZXGR1Y GRZagMDDY2YJwcxrHxDt0b765gsQQDJq/jW7ECgybZL4OoRbp3DiHvXMzCSbs6fD Omon9c/rGVLdxwKbHymuvrbPnNVGNV1LOCTVVxN6ppeKL8TFoOaNB+/qmhZvg/fn cmNz0VpzZI/ZJ3u/8QFvhWwAnAytD8tNUPQ4NMcMcVt6ShhG/z43+x6Gel0KMRUA rpcT+4oL7dNUtL82CTZAph9UZ6/9OzsqDdp7MJSW0YfubKuIH1HuIKNStX3UvHwJ DkpTEkxkJIhgzXnwLabmVCHwmIRfwjBlPKdJ5BYjq+cQ61eiP8FRkQHbueFnEXv9 DzKjnwwL211LcBUrXt5TivalM0BsLv4x1oDHKp3J1oHvhYxsH2AiLNnvCNbdtCfc rm0M0UXd0onFLDDZ9Nmit2b1aebj/ZayA0gFdiRCrtk7yfXXXRwgZxu/oOZzD5Nr HvtU+jE9UkhI3capbXK/ =v3np -----END PGP SIGNATURE-----
Current thread:
- CVE request: CSRF in eXtplorer Luciano Bello (Jun 23)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 27)
- Re: CVE request: CSRF in eXtplorer Luciano Bello (Jun 26)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)