漏洞信息详情
GLPI-Project GLPI autocompletion功能敏感信息泄露漏洞
- CNNVD编号:CNNVD-201108-106
- 危害等级: 中危
- CVE编号: CVE-2011-2720
- 漏洞类型: 信息泄露
- 发布时间: 2011-08-08
- 威胁类型: 远程
- 更新时间: 2011-08-09
- 厂 商: glpi-project
- 漏洞来源:
漏洞简介
GLPI是Indepnet协会维护的一款开源的IT资源管理套件。该套件包含设备状态管理、资产清单存储、管理流程和工作日志管理等功能。
GLPI 0.80.2之前版本中的autocompletion功能不能将某些用户名和密码字段列入黑名单。远程攻击者可借助特制的POST请求获取敏感信息。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
参考网址
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/versions/605
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14966
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14960
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14958
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14957
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14956
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14955
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14954
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14952
来源: forge.indepnet.net
链接:https://forge.indepnet.net/projects/glpi/repository/revisions/14951
来源: forge.indepnet.net
链接:https://forge.indepnet.net/issues/3017
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=726185
来源: BID
名称: 48884
链接:http://www.securityfocus.com/bid/48884
来源: MLIST
名称: [oss-security] 20110726 Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields
链接:http://www.openwall.com/lists/oss-security/2011/07/26/11
来源: MLIST
名称: [oss-security] 20110725 CVE Request -- GLPI -- Properly blacklist some sensitive fields
链接:http://www.openwall.com/lists/oss-security/2011/07/25/7
来源: www.glpi-project.org
链接:http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
来源: SECUNIA
名称: 45366
链接:http://secunia.com/advisories/45366
受影响实体
- Glpi-Project Glpi:0.42
- Glpi-Project Glpi:0.5:Rc1
- Glpi-Project Glpi:0.5:Rc2
- Glpi-Project Glpi:0.5
- Glpi-Project Glpi:0.51
补丁
暂无
评论