Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone Networks GmbHOPENVAS:1361412562310800989
HistoryFeb 19, 2010 - 12:00 a.m.

DokuWiki Multiple Cross Site Request Forgery Vulnerabilities

2010-02-1900:00:00
Copyright (C) 2010 Greenbone Networks GmbH
plugins.openvas.org
15

0.003 Low

EPSS

Percentile

67.7%

JSON

This host is installed with Dokuwiki and is prone to multiple Cross
Site Scripting vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_dokuwiki_mult_csrf_vuln.nasl 13960 2019-03-01 13:18:27Z cfischer $
#
# DokuWiki Multiple Cross Site Request Forgery Vulnerabilities
#
# Authors:
# Rachana Shetty <[email protected]>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:dokuwiki:dokuwiki";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800989");
  script_version("$Revision: 13960 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $");
  script_tag(name:"creation_date", value:"2010-02-19 11:58:13 +0100 (Fri, 19 Feb 2010)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2010-0289");
  script_name("DokuWiki Multiple Cross Site Request Forgery Vulnerabilities");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
  script_family("Web application abuses");
  script_dependencies("gb_dokuwiki_detect.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("dokuwiki/installed");

  script_xref(name:"URL", value:"http://secunia.com/advisories/38205");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/0150");
  script_xref(name:"URL", value:"http://bugs.splitbrain.org/index.php?do=details&task_id=1853");

  script_tag(name:"impact", value:"Successful exploitation allows attackers to conduct cross site request
  forgery attacks via unknown vectors.");
  script_tag(name:"affected", value:"Dokuwiki versions prior to 2009-12-25c");
  script_tag(name:"insight", value:"The flaws are due to error in 'ACL' Manager plugin (plugins/acl/ajax.php) that
  allows users to perform certain actions via HTTP requests without performing
  any validity checks.");
  script_tag(name:"solution", value:"Update to version 2009-12-25c or later.");
  script_tag(name:"summary", value:"This host is installed with Dokuwiki and is prone to multiple Cross
  Site Scripting vulnerabilities.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner");

  script_xref(name:"URL", value:"http://www.splitbrain.org/go/dokuwiki");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
if( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );

if( version_is_less( version:vers, test_version:"2009-12-25c" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"2009-12-25c" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

debiancve 1
cve 1
prion 1
ubuntucve 1
openvas 7
nessus 5
debian 3
securityvulns 2
freebsd 1
osv 1
gentoo 1
debiancve
debiancve
CVE-2010-0289
2010-02-15 18:30:00
cve
cve
CVE-2010-0289
2010-02-15 18:30:00
prion
prion
Cross site request forgery (csrf)
2010-02-15 18:30:00
ubuntucve
ubuntucve
CVE-2010-0289
2010-02-15 00:00:00
openvas
openvas
Fedora Update for dokuwiki FEDORA-2010-0770
2010-03-02 00:00:00
Fedora Update for dokuwiki FEDORA-2010-0770
2010-03-02 00:00:00
Fedora Update for dokuwiki FEDORA-2010-0800
2010-03-02 00:00:00
nessus
nessus
Fedora 11 : dokuwiki-0-0.4.20091225.c.fc11 (2010-0770)
2010-07-01 00:00:00
Fedora 12 : dokuwiki-0-0.4.20091225.c.fc12 (2010-0800)
2010-07-01 00:00:00
Debian DSA-1976-1 : dokuwiki - several vulnerabilities
2010-02-24 00:00:00
debian
debian
[Backports-security-announce] Security Update for dokuwiki
2010-02-04 19:59:59
[Backports-security-announce] Security Update for dokuwiki
2010-02-04 20:00:25
[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities
2010-01-22 16:11:52
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-01-23 00:00:00
[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities
2010-01-23 00:00:00
freebsd
freebsd
dokuwiki -- multiple vulnerabilities
2010-01-17 00:00:00
osv
osv
dokuwiki - several vulnerabilities
2010-01-22 00:00:00
gentoo
gentoo
DokuWiki: Multiple vulnerabilities
2013-01-09 00:00:00

0.003 Low

EPSS

Percentile

67.7%

JSON
Related for OPENVAS:1361412562310800989
debiancve1cve1prion1ubuntucve1openvas7nessus5debian3securityvulns2freebsd1osv1gentoo1