CVE-2014-1546

Sažetak

The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.

Reference

http://advisories.mageia.org/MGASA-2014-0349.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136217.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136369.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:169
http://www.securityfocus.com/archive/1/532895
http://www.securitytracker.com/id/1030648
https://bugzilla.mozilla.org/show_bug.cgi?id=1036213

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-01-2017 - 02:59

Objavljeno

14-08-2014 - 11:15