Lucene search

[email protected]CVE-2012-2128

HistoryAug 27, 2012 - 9:55 p.m.

CVE-2012-2128

2012-08-2721:55:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-2128

dokuwiki

csrf

vulnerability

remote attackers

authentication hijacking

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: “the exploit code simply uses the XSS hole to extract a valid CSRF token.”

CPENameOperatorVersion
andreas_gohr:dokuwikiandreas gohr dokuwikieq2012-01-25

CPE	Name	Operator	Version
andreas_gohr:dokuwiki	andreas gohr dokuwiki	eq	2012-01-25

References

bugs.dokuwiki.org/index.php?do=details&task_id=2488

ircrash.com/uploads/dokuwiki.txt

seclists.org/bugtraq/2012/Apr/121

secunia.com/advisories/48848

www.openwall.com/lists/oss-security/2012/04/22/4

www.openwall.com/lists/oss-security/2012/04/23/1

www.securityfocus.com/bid/53041

bugzilla.redhat.com/show_bug.cgi?id=815122

exchange.xforce.ibmcloud.com/vulnerabilities/74907

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2012-2128

openvas11 prion2 nessus4 fedora4 ubuntucve2 freebsd1 debiancve2 cve1