Lucene search

RedhatCVE-2011-2720

HistoryAug 05, 2011 - 9:55 p.m.

CVE-2011-2720

2011-08-0521:55:06

CWE-200

redhat

web.nvd.nist.gov

glpi

autocompletion

security vulnerability

cve-2011-2720

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.007

Percentile

80.4%

JSON

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

Affected configurations

Nvd

Node

glpi-projectglpiRange≤0.80.1

glpi-projectglpiMatch0.5

glpi-projectglpiMatch0.5rc1

glpi-projectglpiMatch0.5rc2

glpi-projectglpiMatch0.6

glpi-projectglpiMatch0.6rc1

glpi-projectglpiMatch0.6rc2

glpi-projectglpiMatch0.6rc3

glpi-projectglpiMatch0.42

glpi-projectglpiMatch0.51

glpi-projectglpiMatch0.51a

glpi-projectglpiMatch0.65

glpi-projectglpiMatch0.65rc1

glpi-projectglpiMatch0.65rc2

glpi-projectglpiMatch0.68

glpi-projectglpiMatch0.68rc1

glpi-projectglpiMatch0.68rc2

glpi-projectglpiMatch0.68rc3

glpi-projectglpiMatch0.68.1

glpi-projectglpiMatch0.68.2

glpi-projectglpiMatch0.68.3

glpi-projectglpiMatch0.70

glpi-projectglpiMatch0.70rc1

glpi-projectglpiMatch0.70rc2

glpi-projectglpiMatch0.70rc3

glpi-projectglpiMatch0.70.1

glpi-projectglpiMatch0.70.2

glpi-projectglpiMatch0.71

glpi-projectglpiMatch0.71.1

glpi-projectglpiMatch0.71.1rc1

glpi-projectglpiMatch0.71.1rc2

glpi-projectglpiMatch0.71.1rc3

glpi-projectglpiMatch0.71.2

glpi-projectglpiMatch0.71.3

glpi-projectglpiMatch0.71.4

glpi-projectglpiMatch0.71.5

glpi-projectglpiMatch0.71.6

glpi-projectglpiMatch0.72

glpi-projectglpiMatch0.72rc1

glpi-projectglpiMatch0.72rc2

glpi-projectglpiMatch0.72rc3

glpi-projectglpiMatch0.72.1

glpi-projectglpiMatch0.72.2

glpi-projectglpiMatch0.72.3

glpi-projectglpiMatch0.72.4

glpi-projectglpiMatch0.78

glpi-projectglpiMatch0.78.1

glpi-projectglpiMatch0.78.2

glpi-projectglpiMatch0.78.3

glpi-projectglpiMatch0.78.4

glpi-projectglpiMatch0.78.5

glpi-projectglpiMatch0.80

VendorProductVersionCPE
glpi-projectglpi*cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
glpi-projectglpi0.5cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:*
glpi-projectglpi0.5cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:*
glpi-projectglpi0.5cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:*
glpi-projectglpi0.6cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:*
glpi-projectglpi0.6cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:*
glpi-projectglpi0.6cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:*
glpi-projectglpi0.6cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:*
glpi-projectglpi0.42cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:*
glpi-projectglpi0.51cpe:2.3:a:glpi-project:glpi:0.51:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
glpi-project	glpi	*	cpe:2.3:a:glpi-project:glpi::::::::
glpi-project	glpi	0.5	cpe:2.3:a:glpi-project:glpi:0.5:::::::*
glpi-project	glpi	0.5	cpe:2.3:a:glpi-project:glpi:0.5:rc1::::::
glpi-project	glpi	0.5	cpe:2.3:a:glpi-project:glpi:0.5:rc2::::::
glpi-project	glpi	0.6	cpe:2.3:a:glpi-project:glpi:0.6:::::::*
glpi-project	glpi	0.6	cpe:2.3:a:glpi-project:glpi:0.6:rc1::::::
glpi-project	glpi	0.6	cpe:2.3:a:glpi-project:glpi:0.6:rc2::::::
glpi-project	glpi	0.6	cpe:2.3:a:glpi-project:glpi:0.6:rc3::::::
glpi-project	glpi	0.42	cpe:2.3:a:glpi-project:glpi:0.42:::::::*
glpi-project	glpi	0.51	cpe:2.3:a:glpi-project:glpi:0.51:::::::*

Rows per page:

1-10 of 521

References

lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html

lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html

secunia.com/advisories/45366

secunia.com/advisories/45542

www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en

www.mandriva.com/security/advisories?name=MDVSA-2012:014

www.openwall.com/lists/oss-security/2011/07/25/7

www.openwall.com/lists/oss-security/2011/07/26/11

www.securityfocus.com/bid/48884

bugzilla.redhat.com/show_bug.cgi?id=726185

forge.indepnet.net/issues/3017

forge.indepnet.net/projects/glpi/repository/revisions/14951

forge.indepnet.net/projects/glpi/repository/revisions/14952

forge.indepnet.net/projects/glpi/repository/revisions/14954

forge.indepnet.net/projects/glpi/repository/revisions/14955

forge.indepnet.net/projects/glpi/repository/revisions/14956

forge.indepnet.net/projects/glpi/repository/revisions/14957

forge.indepnet.net/projects/glpi/repository/revisions/14958

forge.indepnet.net/projects/glpi/repository/revisions/14960

forge.indepnet.net/projects/glpi/repository/revisions/14966

forge.indepnet.net/projects/glpi/versions/605

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.007

Percentile

80.4%

JSON

Related for CVE-2011-2720