Lucene search

[email protected]CVE-2008-6603

HistoryApr 03, 2009 - 6:30 p.m.

CVE-2008-6603

2009-04-0318:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-6603

moinmoin

acl

bypass

remote attackers

6.4 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.

CPENameOperatorVersion
moinmo:moinmoinmoinmo moinmoineq1.7.0
moinmo:moinmoinmoinmo moinmoineq1.6.2

CPE	Name	Operator	Version
moinmo:moinmoin	moinmo moinmoin	eq	1.7.0
moinmo:moinmoin	moinmo moinmoin	eq	1.6.2

References

hg.moinmo.in/moin/1.6/rev/543ae9bdbe26

hg.moinmo.in/moin/1.7/rev/88356b3f849a

moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter

moinmo.in/SecurityFixes

osvdb.org/48875

www.securityfocus.com/bid/34655

www.vupen.com/english/advisories/2008/1307

exchange.xforce.ibmcloud.com/vulnerabilities/41911

6.4 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2008-6603

prion3 osv3 ubuntucve3 github3 debiancve3 cvelist3 cve2 nessus2 openvas4 freebsd1 gentoo1