Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2013:073 | First vendor Publication | 2013-04-08 |
| Vendor | Mandriva | Last vendor Modification | 2013-04-08 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Updated dokuwiki package fixes security vulnerabilities: DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files (CVE-2011-3727). A full path disclosure flaw was found in the way DokuWiki, a standards compliant, simple to use Wiki, performed sanitization of HTTP POST 'prefix' input value prior passing it to underlying PHP substr() routine, when the PHP error level has been enabled on the particular server. A remote attacker could use this flaw to obtain full path location of particular requested DokuWiki page by issuing a specially-crafted HTTP POST request (CVE-2012-3354). |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:073 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Os | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-11-02 | Name : Fedora Update for dokuwiki FEDORA-2012-16605 File : nvt/gb_fedora_2012_16605_dokuwiki_fc16.nasl |
| 2012-11-02 | Name : Fedora Update for dokuwiki FEDORA-2012-16614 File : nvt/gb_fedora_2012_16614_dokuwiki_fc17.nasl |
| 2011-09-30 | Name : DokuWiki '.php' Files Information Disclosure Vulnerability File : nvt/secpod_dokuwiki_php_info_disc_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 75763 | DokuWiki Multiple Script Direct Request Path Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-04-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2013-073.nasl - Type : ACT_GATHER_INFO |
| 2013-01-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-07.nasl - Type : ACT_GATHER_INFO |
| 2012-10-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-16605.nasl - Type : ACT_GATHER_INFO |
| 2012-10-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-16614.nasl - Type : ACT_GATHER_INFO |
| 2012-10-25 | Name : The remote Fedora host is missing a security update. File : fedora_2012-16550.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:43:30 |
|
| 2013-04-09 00:18:17 |
|
