Published: 2005/07/20  Last Updated: 2008/05/21

JVN#60776919
tDiary cross-site request forgery vulnerability

Overview

tDiary, a weblog system from the tDiary development project, contains a cross-site request forgery (CSRF) vulnerability.

Products Affected

  • tDiary 2.0.1 and earlier
  • tDiary 2.1.1

Description

Impact

If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execute an arbitrary script or command on the web server running tDiary with the privileges of the tDiary user.

Solution

Vendor Status

Vendor        Status        Last Update    Vendor Notes
tDiary.org    Vulnerable    2005/07/20

References

JPCERT/CC Addendum

Credit

Yutaka Oiwa and Hiromitsu Takagi of the Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Japan, reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2005-2411
JVN iPedia JVNDB-2005-000777

Update History