CVE-2011-2720

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html
http://secunia.com/advisories/45366 Vendor Advisory
http://secunia.com/advisories/45542
http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
http://www.mandriva.com/security/advisories?name=MDVSA-2012:014
http://www.openwall.com/lists/oss-security/2011/07/25/7 Patch
http://www.openwall.com/lists/oss-security/2011/07/26/11 Patch
http://www.securityfocus.com/bid/48884
https://bugzilla.redhat.com/show_bug.cgi?id=726185 Patch
https://forge.indepnet.net/issues/3017
https://forge.indepnet.net/projects/glpi/repository/revisions/14951 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14952 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14954 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14955 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14956 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14957 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14958 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14960 Patch
https://forge.indepnet.net/projects/glpi/repository/revisions/14966 Patch
https://forge.indepnet.net/projects/glpi/versions/605
Configurations

Configuration 1

OR cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.51:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.51a:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.65:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.65:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.65:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.68.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.70.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.1:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.4:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.5:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.71.6:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:rc1:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:rc2:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72:rc3:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.72.4:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.1:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.2:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.3:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.4:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.78.5:*:*:*:*:*:*:*
cpe:2.3:a:glpi-project:glpi:0.80:*:*:*:*:*:*:*

History

21 Nov 2024, 01:28

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html -
References () http://secunia.com/advisories/45366 - Vendor Advisory () http://secunia.com/advisories/45366 - Vendor Advisory
References () http://secunia.com/advisories/45542 - () http://secunia.com/advisories/45542 -
References () http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en - () http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:014 - () http://www.mandriva.com/security/advisories?name=MDVSA-2012:014 -
References () http://www.openwall.com/lists/oss-security/2011/07/25/7 - Patch () http://www.openwall.com/lists/oss-security/2011/07/25/7 - Patch
References () http://www.openwall.com/lists/oss-security/2011/07/26/11 - Patch () http://www.openwall.com/lists/oss-security/2011/07/26/11 - Patch
References () http://www.securityfocus.com/bid/48884 - () http://www.securityfocus.com/bid/48884 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=726185 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=726185 - Patch
References () https://forge.indepnet.net/issues/3017 - () https://forge.indepnet.net/issues/3017 -
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14951 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14951 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14952 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14952 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14954 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14954 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14955 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14955 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14956 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14956 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14957 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14957 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14958 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14958 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14960 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14960 - Patch
References () https://forge.indepnet.net/projects/glpi/repository/revisions/14966 - Patch () https://forge.indepnet.net/projects/glpi/repository/revisions/14966 - Patch
References () https://forge.indepnet.net/projects/glpi/versions/605 - () https://forge.indepnet.net/projects/glpi/versions/605 -

Information

Published : 2011-08-05 21:55

Updated : 2024-11-21 01:28


NVD link : CVE-2011-2720

Mitre link : CVE-2011-2720

CVE.ORG link : CVE-2011-2720


Products Affected

glpi-project

  • glpi

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor