Vulnerability Name: CVE-2009-1434 (CCN-50256)
Assigned: 2009-04-29
Published: 2009-04-29
Updated: 2017-08-17
Summary: Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element; a related issue to CVE-2009-1339.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-352
Vulnerability Consequences: Gain Access
References:
  Source: MITRE; Type: CNA; CVE-2009-1434
  Source: CCN; Type: Foswiki Web site; Security Alert: Foswiki Page View Cross-Site Request Forgery (CSRF)
  Source: CONFIRM; Type: Patch, Vendor Advisory; http://foswiki.org/Support/SecurityAlert-CVE-2009-1434
  Source: OSVDB; Type: UNKNOWN; 54148
  Source: CCN; Type: SA34863; Foswiki Cross-Site Request Forgery Vulnerabilities
  Source: SECUNIA; Type: Vendor Advisory; 34863
  Source: MLIST; Type: Patch; [foswiki-announce] 20090427 Security Alert CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF)
  Source: CCN; Type: OSVDB ID: 54148; Foswiki GET Request Handling Multiple CSRF
  Source: CCN; Type: OSVDB ID: 54175; TWiki Page Update User Authentication Bypass CSRF
  Source: XF; Type: UNKNOWN; foswiki-unspecified-csrf(50256)
  Source: CONFIRM; Type: UNKNOWN; https://launchpad.net/bugs/cve/2009-1434
Vulnerable Configuration: Configuration 1; Configuration CCN 1 (legend: denotes that component is vulnerable)
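The attack pattern in the summary, a state-changing script reachable by a plain GET that the victim's browser issues automatically when it renders an attacker's IMG element, is modelled below as an added example. This is illustrative code written for this entry, not Foswiki's code, and it does not reproduce Foswiki's save or view scripts or the 1.0.5 patch. The URL layout (`/bin/<script>/<Web>/<Topic>`), the session table, the `validation_key` parameter name and the HMAC token scheme are all assumptions chosen to show the vulnerable handler next to the standard mitigation (require POST plus a per-session synchronizer token).

```python
import hashlib
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed fixtures (hypothetical): one logged-in user and one wiki topic.
SESSIONS = {"sess-alice": "alice"}           # session cookie value -> user name
PAGES = {"Main/WebHome": "original text"}    # topic -> content
SERVER_KEY = secrets.token_bytes(32)         # hypothetical per-deployment key


def reset():
    """Restore the constructed topic to its starting content."""
    PAGES["Main/WebHome"] = "original text"


def parse_request_url(url):
    """Split '/bin/<script>/<Web>/<Topic>?k=v' into (script, topic, params).
    This path layout is a hypothetical stand-in, not Foswiki's real routing."""
    parts = urlsplit(url)
    segs = parts.path.strip("/").split("/")
    script, topic = segs[1], "/".join(segs[2:])
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return script, topic, params


def vulnerable_save(method, topic, params, cookie):
    """Vulnerable handler: only the session cookie gates the write. Browsers
    attach that cookie to every request to the site, including a GET triggered
    by an <img> on an attacker's page, and neither method nor origin is checked."""
    if cookie not in SESSIONS:
        return "login required"
    PAGES[topic] = params.get("text", "")
    return "saved"


def csrf_token(cookie):
    """Synchronizer token bound to the session: HMAC(server key, session id).
    Pages served to the user embed it in a hidden form field; a cross-origin
    attacker page cannot read it, so it cannot forge a request that carries it."""
    return hmac.new(SERVER_KEY, cookie.encode(), hashlib.sha256).hexdigest()


def hardened_save(method, topic, params, cookie):
    """Hardened handler: a state change needs POST and a token matching the
    caller's session. A cross-site <img> GET fails the method check; a
    cross-site auto-submitting form fails the token check."""
    if cookie not in SESSIONS:
        return "login required"
    if method != "POST":
        return "rejected: method"
    token = params.get("validation_key", "")
    if not hmac.compare_digest(token, csrf_token(cookie)):
        return "rejected: token"
    PAGES[topic] = params.get("text", "")
    return "saved"


def browser_loads(html, cookie, handler):
    """Simulate a victim's browser rendering attacker-controlled HTML while
    logged in: every <img src="..."> becomes a GET carrying the victim's cookie."""
    results = []
    for url in re.findall(r'<img[^>]+src="([^"]+)"', html):
        script, topic, params = parse_request_url(url)
        if script == "save":
            results.append(handler("GET", topic, params, cookie))
    return results


# Constructed attacker page: an image tag whose SRC points at the save script.
ATTACK_PAGE = (
    '<p>cute cats</p>'
    '<img src="https://wiki.example/bin/save/Main/WebHome?text=defaced">'
)
```

Running the same attacker page against both handlers makes the difference concrete: with `vulnerable_save` the topic is overwritten as soon as the image loads, while `hardened_save` refuses the GET outright and, even for a POST, refuses anything that does not carry the token derived from the victim's own session. The method check alone is not sufficient in general (a hidden form can POST cross-site), which is why the token is the check that actually closes the hole.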