Lucene search

[email protected]CVE-2012-6080

HistoryJan 03, 2013 - 1:55 a.m.

CVE-2012-6080

2013-01-0301:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2012-6080

directory traversal

moinmoin

vulnerability

security

nvd

6.5 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

79.6%

JSON

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a … (dot dot) in a file name.

CPENameOperatorVersion
moinmo:moinmoinmoinmo moinmoineq1.9.3
moinmo:moinmoinmoinmo moinmoineq1.9.5
moinmo:moinmoinmoinmo moinmoineq1.9.4

CPE	Name	Operator	Version
moinmo:moinmoin	moinmo moinmoin	eq	1.9.3
moinmo:moinmoin	moinmo moinmoin	eq	1.9.5
moinmo:moinmoin	moinmo moinmoin	eq	1.9.4

References

hg.moinmo.in/moin/1.9/rev/3c27131a3c52

moinmo.in/SecurityFixes

secunia.com/advisories/51663

secunia.com/advisories/51676

secunia.com/advisories/51696

ubuntu.com/usn/usn-1680-1

www.debian.org/security/2012/dsa-2593

www.openwall.com/lists/oss-security/2012/12/30/6

www.securityfocus.com/bid/57076

bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599

6.5 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2012-6080

debiancve1 ubuntucve1 github1 prion1 osv1 cvelist1 nessus9 freebsd1 openvas10 thn2 gentoo1 fedora3