290 matches found
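Bugzilla jsonrpc.cgi Cross-Site Request Forgery Vulnerability
BUGTRAQ ID: 51783 CVE ID: CVE-2012-0440 Bugzilla is an open-source defect tracking system that manages the whole lifecycle of defects in software development, including submission, fixing and closing. Bugzilla's implementation of jsonrpc.cgi has a CSRF security vulnerability; successful exploitation of these vulnerabilities could allow an attacker to hijack arbitrary users' authenticated requests that use the JSON-RPC API. Mozilla Bugzilla 4.x Vendor patch: Mozilla. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.mozilla.org/security/...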
FreeBSD Ports: bugzilla
The remote host is missing an update to the system as announced in the referenced advisory. VID 309542b5-50b9-11e1-b0d8-00151735203a OpenVAS Vulnerability Test Description: Auto generated from VID 309542b5-50b9-11e1-b0d8-00151735203a Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD : bugzilla -- multiple vulnerabilities (309542b5-50b9-11e1-b0d8-00151735203a)
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user...
CVE-2012-0440
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API...
CVE-2012-0440
CVE-2012-0440 is a CSRF vulnerability in Bugzilla’s JSON-RPC API (jsonrpc.cgi) that could allow an attacker to hijack the authentication of arbitrary users for JSON-RPC requests. Affected Bugzilla versions include 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x bef...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user accoun...
bitcoinrpc-info NSE Script
Obtains information from a Bitcoin server by calling getinfo on its JSON-RPC interface. Script Arguments: creds.global: http credentials used for the query (user:pass). slaxml.debug: See the documentation for the slaxml library. creds.service: See the documentation for the creds library. http.host,...