CVE

Id
40380  
CVE No.
CVE-2009-2945  
Status
Candidate  
Description
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.  
Phase
Assigned (20090823)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
443739 40380 CVE-2009-2945 CONFIRM:http://webauth.stanford.edu/security/2009-09-10.html  View
443740 40380 CVE-2009-2945 SECUNIA:36640  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
35342 JVNDB-2010-001122 OpenOffice.org の XPMReader::ReadXPM 関数における整数オーバーフローの脆弱性 OpenOffice.org の XPMReader::ReadXPM 関数には、任意のコードを実行される脆弱性が存在します。 CVE-2009-2949 40380 9.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001122.html  View