47 matches found
DEBIAN-CVE-2009-2945
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-serve...
CVE-2009-2945
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-serve...
CVE-2009-2945
CVE-2009-2945 affects Stanford WebAuth WebLogin (weblogin/login.fcgi) versions 3.5.5, 3.6.0, 3.6.1. The issue arises when a POST is converted to a GET, causing user passwords to appear in URLs that may be logged by web servers, stored in browser history, or included in Referer headers. This enabl...
[Backports-security-announce] Security update for webauth
Russ Allbery uploaded new packages for webauth which fixed the following security problem: CVE-2009-2945 WebAuth 3.5.5 introduced a new method to probe for browser cookie support in the WebLogin script. Under rare circumstances, a browser may present the test cookie when loading the login form bu...
CVE-2009-0059
Cisco CVE-2009-0059 affects Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated WLCs. Vulnerable software versions are 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0. The issue allows remote attackers to cause a denial of...