CVE-2008-3743 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors related to improper token validation for (1) cached forms and (2) forms with AHAH elements.

Reference

http://drupal.org/node/295053 http://secunia.com/advisories/31462 http://secunia.com/advisories/31825 http://www.securityfocus.com/bid/30689 http://www.vupen.com/english/advisories/2008/2392 https://bugzilla.redhat.com/show_bug.cgi?id=459108 https://exchange.xforce.ibmcloud.com/vulnerabilities/44453 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html