CVE Reference: CVE-2009-4898

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2009-4898

Description:
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.

CVE Status:
Candidate

References:

MLIST
  http://www.openwall.com/lists/oss-security/2010/08/02/17
  http://www.openwall.com/lists/oss-security/2010/08/03/8

CONFIRM
  http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix


Return to the previous page.