CVE-2012-0453

Priority
Medium
Description
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla
4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows
remote attackers to hijack the authentication of arbitrary users for
requests that modify the product's installation via the XML-RPC API.
References
Package
Upstream: not-affected (3.6.2.0-4.5)
Ubuntu 8.04 LTS (Hardy Heron): not-affected
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Ubuntu 11.04 (Natty Narwhal): not-affected
Ubuntu 11.10 (Oneiric Ocelot): not-affected (3.6.3.0-2)
Ubuntu 12.04 LTS (Precise Pangolin): DNE
More Information


Updated: 2012-06-01 15:22:37 UTC (commit 5347)