Executive Summary

Title MoinMoin vulnerabilities
NameUSN-977-1First vendor Publication2010-08-25
VendorUbuntuLast vendor Modification2010-08-25
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.7

Ubuntu 8.04 LTS:
python-moinmoin 1.5.8-5.1ubuntu2.5

Ubuntu 9.04:
python-moinmoin 1.8.2-2ubuntu2.5

Ubuntu 9.10:
python-moinmoin 1.8.4-1ubuntu1.3

Ubuntu 10.04 LTS:
python-moinmoin 1.9.2-2ubuntu3.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Original Source

Url : http://www.ubuntu.com/usn/USN-977-1

Alert History

If you want to see full details history, please login or register.
2016-04-27 00:37:32
  • Multiple Updates
2014-02-17 12:07:01
  • Multiple Updates
2013-05-11 00:56:29
  • Multiple Updates