Lucene search
HistoryJun 02, 2014 - 3:55 p.m.
CVE-2012-5395
cve-2012-5395
mediawiki
centralauth
session fixation
vulnerability
hijack
web sessions
remote attackers
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.8%
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.
Affected configurations
Node
mediawikimediawikiMatch1.20
Node
mediawikimediawikiMatch1.19
ORmediawikimediawikiMatch1.19beta_1
ORmediawikimediawikiMatch1.19beta_2
ORmediawikimediawikiMatch1.19.1
ORmediawikimediawikiMatch1.19.2
Node
mediawikimediawikiRange≤1.18.5
ORmediawikimediawikiMatch1.18
ORmediawikimediawikiMatch1.18beta_1
ORmediawikimediawikiMatch1.18.0
ORmediawikimediawikiMatch1.18.0rc1
ORmediawikimediawikiMatch1.18.1
ORmediawikimediawikiMatch1.18.2
ORmediawikimediawikiMatch1.18.3
ORmediawikimediawikiMatch1.18.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| mediawiki:mediawiki | mediawiki | eq | 1.20 |
Related
prion
prion
Session fixation
2014-06-02 15:55:00
cvelist
cvelist
CVE-2012-5395
2014-06-02 15:00:00
nvd
nvd
CVE-2012-5395
2014-06-02 15:55:08
nessus
nessus
MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities
2012-12-14 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.8%
Related for CVE-2012-5395