Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Apr 2016 15:09:32 +0000
From: Nathan Van Gheem <vangheem@...il.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE Request: Privilege escalation in webdav

Can a CVE be assigned to this issue, please?

https://plone.org/security/20160419/privilege-escalation-in-webdav

A missing webdav security declaration would allow unauthorized webdav
access.

The relevant code is:

https://plone.org/security/20150910/

The vendor credits with the discovery: Thomas Mogensen

Thanks, let me know if you'd like more information.

-- 
Nathan Van Gheem
Director of Solutions Engineering
Wildcard Corp

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ