Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1455

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-1455
Last Modified 28 Apr 2009 12:00:00
Published 28 Apr 2009 12:30:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1455

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.

Vulnerable Systems

Application

  • Andrew Simpson Webcollab 2.20

  • Andrew Simpson Webcollab 2.30

  • Andrew Simpson Webcollab 2.31

  • Andrew Simpson Webcollab 2.40


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945

MISC - http://holisticinfosec.org/content/view/108/45/

XF - webcollab-unspecifed-csrf(49940)

OSVDB - 53781

SECUNIA - 34568


Last Updated: 27 May 2016 10:50:34