[Japanese]

JVNDB-2005-000777

tDiary cross-site request forgery vulnerability

Overview

tDiary, a weblog system from the tDiary development project, contains a cross-site request forgery (CSRF) vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


tDiary development project
  • tDiary 2.0.1 and earlier
  • tDiary 2.1.1

Impact

If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execute an arbitrary script or command on the web server running tDiary with privileges of the tDiary user.
Solution

Vendor Information

tDiary development project
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2005-2411
References

  1. JVN : JVN#60776919
  2. National Vulnerability Database (NVD) : CVE-2005-2411
  3. Secunia Advisory : SA16329
  4. SecurityFocus : 14500
  5. ISS X-Force Database : 21735
Revision History

  • [2008/05/21]
      Web page published