Flyspray 0.9.9, when output_buffering is disabled or set to a low value, allows remote attackers to bypass authentication via a crafted post request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Flyspray | Flyspray | 0.9.9 (including) | 0.9.9 (including) |
Flyspray | Ubuntu | dapper | * |
Flyspray | Ubuntu | edgy | * |
Flyspray | Ubuntu | feisty | * |
Flyspray | Ubuntu | gutsy | * |