flyspray -- authentication bypass

2007-03-13T00:00:00
ID 209F0D75-4B5C-11DC-A6CD-000FB5066B20
Type freebsd
Reporter FreeBSD
Modified 2007-03-13T00:00:00

Description

The Flyspray Project reports:

Flyspray authentication system can be bypassed by sending a carefully crafted post request. To be vulnerable, PHP configuration directive output_buffering has to be disabled or set to a low value.