Mandriva Update For Glpi MDVSA-2012:014 (glpi) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in GLPI: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request (CVE-2011-2720). This advisory provides the latest version of GLPI (0.80.6) which are not vulnerable to this issue. Additionally the latest versions of the corresponding plugins are also being provided.

Affected

glpi on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-2720

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:167 (php)
Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
Mandrake Security Advisory MDVSA-2009:176 (git)
Mandrake Security Advisory MDVSA-2009:125 (wireshark)

Mandriva Update for glpi MDVSA-2012:014 (glpi)

Take action and discover your vulnerabilities