JForum May Let Remote Authenticated Users Access Restricted Forums
SecurityTracker Alert ID: 1009972
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 28 2004
Impact: User access via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): prior to RC2.1
Description: A vulnerability was reported in JForum. A remote authenticated user can access restricted forums.
The vendor reported that a remote authenticated user can submit a URL with the proper forum ID to view or post messages to a restricted forum.
Impact: A remote user may be able to view or post messages to a restricted forum.
Solution: The vendor has issued a fixed version (RC3), available at:
http://sourceforge.net/project/showfiles.php?group_id=15940
Vendor URL: www.jforum.net/
Cause: Access control error
Underlying OS: Java, Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments: Java-based
Message History:
None.
Source Message Contents
Date: Wed, 28 Apr 2004 14:15:42 -0400
Subject: JForum RC3
http://www.jforum.net/
> JForum RC3
> Changes:
> Security issues and other minor bugs were fixed.