|
[Japanese]
|
JVNDB-2008-000054
|
Blogn vulnerable to cross-site request forgery
|
|
Blogn from R-ONE Computer contains a cross-site request forgery vulnerability.
Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability.
Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Technology Early Warning Partnership.
|
|
Base Metrics:
2.6 (Low)
[IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
BlognPlus
- Blogn(burogun) v1.9.7 and earlier
|
|
Contents created by Blogn may be editted or modified if the logged in user views a malicious web page.
|
|
[Update the Software]
Apply the latest update provided by the vendor.
|
|
BlognPlus
|
|
- JVN : JVN#84125369
- National Vulnerability Database (NVD) : CVE-2008-3885
- Common Vulnerabilities and Exposures (CVE) : CVE-2008-3885
- Secunia Advisory : SA31662
- Common Weakness Enumeration (CWE) : Cross-Site Request Forgery (CWE-352) [IPA Evaluation]
- JVN iPedia (Japanese) : JVNDB-2008-000054
|
|
[2008/09/02]
Web page published
|
|
| 2008/08/29 |
| 2008/09/02 |
| 2008/09/02 |
|
