CVE-2012-0453

Priority
Medium
Description
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla
4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows
remote attackers to hijack the authentication of arbitrary users for
requests that modify the product's installation via the XML-RPC API.
References
Package
Upstream:not-affected (3.6.2.0-4.5)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:23 UTC (commit 9756)