Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2009-2945
HistorySep 15, 2009 - 10:00 p.m.

CVE-2009-2945

2009-09-1522:00:00
mitre
www.cve.org
1
stanford university webauth
password exposure
access logs

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

56.4%

JSON

weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Related

ubuntucve 1
cve 1
debian 2
debiancve 1
prion 1
nvd 1
ubuntucve
ubuntucve
CVE-2009-2945
2009-09-15 00:00:00
cve
cve
CVE-2009-2945
2009-09-15 22:30:00
debian
debian
[Backports-security-announce] Security update for webauth
2009-09-11 00:02:59
[Backports-security-announce] Security update for webauth
2009-09-10 23:54:28
debiancve
debiancve
CVE-2009-2945
2009-09-15 22:30:00
prion
prion
Cross site request forgery (csrf)
2009-09-15 22:30:00
nvd
nvd
CVE-2009-2945
2009-09-15 22:30:00

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

56.4%

JSON
Related for CVELIST:CVE-2009-2945
ubuntucve1cve1debian2debiancve1prion1nvd1