20-09-2011, 20:46
Java-monitor RSS bot
Resident RSS bot

Join Date: Jun 2011
Posts: 1,143
CVE-2011-1911 (jasperreports_server_community_project)

JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.
