Candidate: CVE-2009-2945
PublicDate: 2009-09-15 22:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2945
Description:
 weblogin/login.fcgi (aka the WebLogin login script) in Stanford University
 WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain
 circumstances involving conversion of a POST request to a GET request,
 which allows context-dependent attackers to discover passwords by reading
 (1) web-server access logs, (2) web-server Referer logs, or (3) the browser
 history.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_webauth:
upstream_webauth: released (3.6.2-1)
dapper_webauth: ignored (reached end-of-life)
hardy_webauth: ignored (reached end-of-life)
intrepid_webauth: needed (reached end-of-life)
jaunty_webauth: ignored (reached end-of-life)
karmic_webauth: ignored (reached end-of-life)
lucid_webauth: not-affected (3.6.2-2)
maverick_webauth: not-affected (3.6.2-2)
natty_webauth: not-affected (3.6.2-2)
oneiric_webauth: not-affected (3.6.2-2)
devel_webauth: not-affected (3.6.2-2)