JVNDB-2015-000047

bBlog vulnerable to cross-site request forgery

Overview

bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability (CWE-352).

CVSS Severity

Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


Eaden McKee
  • bBlog

Impact

If a user views a malicious page while logged in, unintended operations may be performed.

Solution

[Do not use bBlog]
bBlog is no longer being developed or maintained. It is recommended to stop using bBlog.

The developer states that "DO NOT use this software in production. It is years out of date. It is here simply for historical purposes. There are known security issues."

Vendor Information

Eaden McKee

CWE

  1. Cross-Site Request Forgery (CWE-352) [IPA Evaluation]

CVE

  1. CVE-2015-0905

References

  1. JVN : JVN#71903938
  2. National Vulnerability Database (NVD) : CVE-2015-0905

Revision History

[2015/04/07]
  Web page was published
[2015/04/09]
  References : Content was added