Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2720

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-2720
Last Modified 15 Feb 2012 11:15:37
Published 05 Aug 2011 05:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2720

Summary

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

Vulnerable Systems

Application

  • Glpi-project Glpi 0.42

  • Glpi-project Glpi 0.5

  • Glpi-project Glpi 0.51

  • Glpi-project Glpi 0.51a

  • Glpi-project Glpi 0.6

  • Glpi-project Glpi 0.65

  • Glpi-project Glpi 0.68

  • Glpi-project Glpi 0.68.1

  • Glpi-project Glpi 0.68.2

  • Glpi-project Glpi 0.68.3

  • Glpi-project Glpi 0.70

  • Glpi-project Glpi 0.70.1

  • Glpi-project Glpi 0.70.2

  • Glpi-project Glpi 0.71

  • Glpi-project Glpi 0.71.1

  • Glpi-project Glpi 0.71.2

  • Glpi-project Glpi 0.71.3

  • Glpi-project Glpi 0.71.4

  • Glpi-project Glpi 0.71.5

  • Glpi-project Glpi 0.71.6

  • Glpi-project Glpi 0.72

  • Glpi-project Glpi 0.72.1

  • Glpi-project Glpi 0.72.2

  • Glpi-project Glpi 0.72.3

  • Glpi-project Glpi 0.72.4

  • Glpi-project Glpi 0.78

  • Glpi-project Glpi 0.78.1

  • Glpi-project Glpi 0.78.2

  • Glpi-project Glpi 0.78.3

  • Glpi-project Glpi 0.78.4

  • Glpi-project Glpi 0.78.5

  • Glpi-project Glpi 0.80

  • Glpi-project Glpi 0.80.1


References

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14966

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14960

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14958

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14957

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14956

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14955

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14954

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14952

CONFIRM - https://forge.indepnet.net/projects/glpi/repository/revisions/14951

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=726185

MLIST - [oss-security] 20110726 Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields

MLIST - [oss-security] 20110725 CVE Request -- GLPI -- Properly blacklist some sensitive fields

CONFIRM - https://forge.indepnet.net/projects/glpi/versions/605

CONFIRM - https://forge.indepnet.net/issues/3017

BID - 48884

CONFIRM - http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en

SECUNIA - 45542

SECUNIA - 45366

FEDORA - FEDORA-2011-9690

FEDORA - FEDORA-2011-9639

MANDRIVA - MDVSA-2012:014


Last Updated: 27 May 2016 10:58:16