Summary
This host is running MoinMoin Wiki and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to bypass intended access restrictions by requesting an item.
Impact Level: Application
Solution
Upgrade to MoinMoin Wiki 1.7.1-3 or the latest version.
For updates, refer to http://moinmo.in/MoinMoinDownload
Insight
The flaw exists due to an error in the handling of the 'textcha' protection mechanism, which can be bypassed by modifying the 'textcha-question' and 'textcha-answer' fields to have empty values.
Affected
MoinMoin Wiki version 1.7.1 and prior
Severity
Classification
- CVE: CVE-2010-1238
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N