CVE-2009-4898

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element.  NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
twikitwiki
𝑥
≤ 4.3.1
twikitwiki
4.0.0
twikitwiki
4.0.1
twikitwiki
4.0.2
twikitwiki
4.0.3
twikitwiki
4.0.4
twikitwiki
4.0.5
twikitwiki
4.1.0
twikitwiki
4.1.1
twikitwiki
4.1.2
twikitwiki
4.2.0
twikitwiki
4.2.1
twikitwiki
4.2.2
twikitwiki
4.2.3
twikitwiki
4.2.4
twikitwiki
4.3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
twiki
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix
http://www.openwall.com/lists/oss-security/2010/08/02/17
http://www.openwall.com/lists/oss-security/2010/08/03/8
http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix
http://www.openwall.com/lists/oss-security/2010/08/02/17
http://www.openwall.com/lists/oss-security/2010/08/03/8