Secunia Security Advisory - Mark Janssen has reported some vulnerabilities in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site request forgery attacks.
47b3f4a6da9fb3d92b8f5d41577a9e3cf8a8404a408bfe476a11d83f99251917
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Blackboard Academic Suite Cross-Site Request Forgery Vulnerabilities
SECUNIA ADVISORY ID:
SA31177
VERIFY ADVISORY:
http://secunia.com/advisories/31177/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
Blackboard Academic Suite 8.x
http://secunia.com/product/18189/
DESCRIPTION:
Mark Janssen has reported some vulnerabilities in Blackboard Academic
Suite, which can be exploited by malicious people to conduct
cross-site request forgery attacks.
The vulnerabilities are caused due to the application allowing users
to perform certain actions via HTTP requests without performing any
validity checks to verify the request. This can be exploited to e.g.
enroll users in courses.
SOLUTION:
Do not browse other website while being logged in to the Blackboard
Academic Suite.
PROVIDED AND/OR DISCOVERED BY:
Mark Janssen
ORIGINAL ADVISORY:
http://ceaseless.ws/bb-csrf/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------