Executive Summary
Summary | |
---|---|
Title | MoinMoin vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1604-1 | First vendor Publication | 2012-10-11 |
Vendor | Ubuntu | Last vendor Modification | 2012-10-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in MoinMoin. Software Description: - moin: Collaborative hypertext environment Details: It was discovered that MoinMoin did not properly sanitize certain input, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2011-1058) It was discovered that MoinMoin incorrectly handled group names that contain virtual group names such as "All", "Known" or "Trusted". This could result in a remote user having incorrect permissions. (CVE-2012-4404) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: Ubuntu 11.10: Ubuntu 11.04: Ubuntu 10.04 LTS: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1604-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15278 | |||
Oval ID: | oval:org.mitre.oval:def:15278 | ||
Title: | DSA-2321-1 moin -- cross-site scripting | ||
Description: | A cross-site scriping vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2321-1 CVE-2011-1058 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | moin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17640 | |||
Oval ID: | oval:org.mitre.oval:def:17640 | ||
Title: | USN-1604-1 -- moin vulnerabilities | ||
Description: | Several security issues were fixed in MoinMoin. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1604-1 CVE-2011-1058 CVE-2012-4404 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | moin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17914 | |||
Oval ID: | oval:org.mitre.oval:def:17914 | ||
Title: | DSA-2538-1 moin - privilege escalation | ||
Description: | It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2538-1 CVE-2012-4404 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | moin |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-22 | Name : Gentoo Security Advisory GLSA 201210-02 (MoinMoin) File : nvt/glsa_201210_02.nasl |
2012-10-12 | Name : Ubuntu Update for moin USN-1604-1 File : nvt/gb_ubuntu_USN_1604_1.nasl |
2012-09-22 | Name : Fedora Update for moin FEDORA-2012-13400 File : nvt/gb_fedora_2012_13400_moin_fc16.nasl |
2012-09-22 | Name : Fedora Update for moin FEDORA-2012-13408 File : nvt/gb_fedora_2012_13408_moin_fc17.nasl |
2012-09-15 | Name : Debian Security Advisory DSA 2538-1 (moin) File : nvt/deb_2538_1.nasl |
2012-09-07 | Name : FreeBSD Ports: moinmoin File : nvt/freebsd_moinmoin7.nasl |
2012-09-07 | Name : FreeBSD Ports: moinmoin File : nvt/freebsd_moinmoin8.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2321-1 (moin) File : nvt/deb_2321_1.nasl |
2011-03-08 | Name : Fedora Update for moin FEDORA-2011-2156 File : nvt/gb_fedora_2011_2156_moin_fc14.nasl |
2011-03-08 | Name : Fedora Update for moin FEDORA-2011-2157 File : nvt/gb_fedora_2011_2157_moin_fc13.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71025 | MoinMoin reStructuredText Parser refuri Parameter XSS MoinMoin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the input passed via the 'refuri' node attribute upon submission to the reStructuredText parser in 'parser/text_rst.py'. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-10-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201210-02.nasl - Type : ACT_GATHER_INFO |
2012-10-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1604-1.nasl - Type : ACT_GATHER_INFO |
2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13400.nasl - Type : ACT_GATHER_INFO |
2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13408.nasl - Type : ACT_GATHER_INFO |
2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13528.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2538.nasl - Type : ACT_GATHER_INFO |
2012-09-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4a8a98abf74511e18bd80022156e8794.nasl - Type : ACT_GATHER_INFO |
2012-09-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4f99e2eff72511e18bd80022156e8794.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2321.nasl - Type : ACT_GATHER_INFO |
2011-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2156.nasl - Type : ACT_GATHER_INFO |
2011-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2157.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2219.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:00:56 |
|