Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 8:21 p.m.13 views

CVE-2009-2945

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

4.3CVSS6.7AI score0.00865EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2009/09/15 10:30 p.m.31 views

CVE-2009-2945

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

4.3CVSS5.9AI score0.00865EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2009/09/15 10:0 p.m.21 views

CVE-2009-2945

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

4.3CVSS4.5AI score0.00865EPSS
Exploits0
Debian
Debian
added 2009/09/10 11:54 p.m.13 views

[Backports-security-announce] Security update for webauth

Russ Allbery uploaded new packages for webauth which fixed the following security problem: CVE-2009-2945 WebAuth 3.5.5 introduced a new method to probe for browser cookie support in the WebLogin script. Under rare circumstances, a browser may present the test cookie when loading the login form bu...

4.3CVSS5.6AI score0.00865EPSS
Exploits0
Rows per page
Query Builder