oss-sec mailing list archives
CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 19 Mar 2010 11:35:10 +0100
Hi Steve, vendors,

Christopher showed:
  [1] http://archives.neohapsis.com/archives/bugtraq/2010-03/0156.html

a deficiency in the way the Sahana disaster management system performed user authentication. Visiting a certain URL would allow an attacker to view (and potentially modify) information which should otherwise be protected by authentication.

Upstream bug report:
  [2] http://sourceforge.net/tracker/?func=detail&aid=2970786&group_id=127855&atid=709778

References:
  [3] http://archives.neohapsis.com/archives/bugtraq/2010-03/0156.html
  [4] http://secunia.com/advisories/39020/

Affected versions:
  Issue reported against v0.6.2.2. Other versions may also be affected.

Credit:
  Christopher

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs Jan Lieskovsky (Mar 19)
- Re: CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs Steven M. Christey (Mar 30)