Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-1150 | First vendor Publication | 2010-04-20 |
Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1150 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13493 | |||
Oval ID: | oval:org.mitre.oval:def:13493 | ||
Title: | DSA-2041-1 mediawiki -- CSRF | ||
Description: | It was discovered that mediawiki, a website engine for collaborative work, is vulnerable to a Cross-Site Request Forgery login attack, which could be used to conduct phishing or similar attacks to users via affected mediawiki installations. Note that the fix used breaks the login API and may require clients using it to be updated. For the stable distribution, this problem has been fixed in version 1:1.12.0-2lenny5. For the testing distribution and the unstable distribution, this problem has been fixed in version 1:1.15.3-1. We recommend that you upgrade your mediawiki packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2041-1 CVE-2010-1150 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mediawiki |
Definition Id: oval:org.mitre.oval:def:7264 | |||
Oval ID: | oval:org.mitre.oval:def:7264 | ||
Title: | DSA-2041 mediawiki -- Cross-Site Request Forgery | ||
Description: | It was discovered that mediawiki, a website engine for collaborative work, is vulnerable to a Cross-Site Request Forgery login attack, which could be used to conduct phishing or similar attacks to users via affected mediawiki installations. Note that the fix used breaks the login API and may require clients using it to be updated. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2041 CVE-2010-1150 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mediawiki |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-14 | Name : FreeBSD Ports: mediawiki File : nvt/freebsd_mediawiki3.nasl |
2010-04-29 | Name : MediaWiki Login CSRF Vulnerability File : nvt/secpod_mediawiki_login_csrf_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63570 | MediaWiki Unspecified CSRF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-05-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_694da5b4587711df8d800015587e2cc1.nasl - Type : ACT_GATHER_INFO |
2010-05-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2041.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2023-02-13 09:29:11 | |
2023-02-02 21:28:53 | |
2021-05-04 12:11:27 | |
2021-04-22 01:11:54 | |
2020-05-24 01:06:25 | |
2020-05-23 01:41:51 | |
2020-05-23 00:25:30 | |
2018-10-23 12:02:42 | |
2016-04-26 19:41:42 | |
2014-02-17 10:54:26 | |
2013-05-10 23:21:27 | |