Prominent Web Sites Have Serious Coding Flaw |
|
| BugsAlert Home > Prominent Web Sites Have Serious Coding Flaw | |
|
LinuxSecurity.com: Cross-site request forgery flaw on several prominent Web sites allows an attacker to perform actions on behalf of a victim who is already logged into the site Two Princeton University academics have found a type of coding flaw on several prominent Web sites that could jeopardize personal data and in one alarming case, drain a bank account. The type of flaw, called cross-site request forgery (CSRF), allows an attacker to perform actions on a Web site on behalf of a victim who is already logged into the site. Have you hear about the news that two Princeton University academics have published security flaws in some high traffic sites? Why do you you think these sites are taking their time in fixing the problem? Original Source: http://www.linuxsecurity.com/content/view/142772?rdf Learn more about Prominent Web Sites Have Serious Coding Flaw |
|
| Tags: prominent web sites coding flaw | |
Related Items |
|
|
MS07-053 - Important: Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
|
|
|
FrSIRT - Serendipity Data Handling Client-Side Cross Site Scripting Vulnerabilities
|
|
|
Mandriva: Updated rpmdrake packages fix various bugs
|
|
|
Pardus: Qemu Denial of Service
|
|
|
Which payware anti-virus app do you use and why?
|
|
|
CVE-2007-6279 (libflac)
|
|
|
SuSE: Xorg and XFree (SUSE-SA:2008:003)
|
|
