Candidate: CVE-2009-4898
PublicDate: 2010-09-07 17:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4898
Description:
 Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_twiki:
upstream_twiki: released (4.3.2)
dapper_twiki: ignored (reached end-of-life)
hardy_twiki: ignored (reached end-of-life)
jaunty_twiki: ignored (reached end-of-life)
karmic_twiki: ignored (reached end-of-life)
lucid_twiki: DNE
maverick_twiki: DNE
natty_twiki: DNE
oneiric_twiki: DNE
devel_twiki: DNE