Summary
This host is installed with MoinMoin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML or web script in a user's browser session in the context of an affected site, upload malicious scripts, and overwrite arbitrary files via directory traversal sequences.
Impact Level: Application
Solution
Update to MoinMoin 1.9.6 or later.
For updates, refer to http://moinmo.in/MoinMoinDownload
Insight
The flaws are due to:
- Certain input when handling the AttachFile action is not properly verified before being used to write files.
- The application allows the upload of files with arbitrary extensions to a folder inside the webroot when handling the twikidraw or anywikidraw actions.
- Input passed via the page name in the RSS link is not properly sanitised before being displayed to the user.
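For hosts that cannot be upgraded immediately, web server access logs can be reviewed for requests matching the flaws listed above. The following is an added example, not part of the original advisory or of MoinMoin's code; it assumes a combined-format access log, and the sample lines and the `file` parameter name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Actions named in the advisory's Insight section (compared lowercase).
WATCHED_ACTIONS = {"attachfile", "twikidraw", "anywikidraw"}
# Assumption: combined-format access log with the request line in quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) so '..' cannot hide."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    return ".." in re.split(r"[\\/]", fully_unquote(value))

def classify(line):
    """Return the set of findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return set()
    url = urlsplit(m.group(1))
    params = parse_qsl(url.query, keep_blank_values=True)
    action = next((v.lower() for k, v in params if k == "action"), "")
    findings = set()
    if action in WATCHED_ACTIONS and any(
            has_traversal(v) for k, v in params if k != "action"):
        findings.add("traversal-in-" + action)
    # Page names live in the URL path; markup there matches the RSS-link flaw.
    if re.search(r"[<>]", fully_unquote(url.path)):
        findings.add("markup-in-page-name")
    return findings

# Constructed sample lines; the 'file' parameter name is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /FrontPage?action=AttachFile&file=notes.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2013:10:00:05 +0000] "POST /WikiSandBox?action=twikidraw&file=..%2F..%2Fx.txt HTTP/1.1" 200 20',
    '192.0.2.11 - - [01/Jan/2013:10:00:09 +0000] "POST /WikiSandBox?action=anywikidraw&file=%252e%252e%252fx HTTP/1.1" 200 20',
    '192.0.2.12 - - [01/Jan/2013:10:01:00 +0000] "GET /Some%3Cb%3EPage?action=rss_rc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(sorted(classify(entry)), entry.split('"')[1])
```

A finding marks a request for review; it does not show whether the request succeeded, so the response status and the contents of the attachment directories should be checked as well.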
Affected
MoinMoin version 1.9.x prior to 1.9.6
References
Severity
Classification
CVE: CVE-2012-6080, CVE-2012-6081, CVE-2012-6082, CVE-2012-6495
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P