CVE-2012-6081

2012-12-2900:00:00

ubuntu.com

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.955 High

EPSS

Percentile

99.4%

JSON

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw
(action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions
in MoinMoin before 1.9.6 allow remote authenticated users with write
permissions to execute arbitrary code by uploading a file with an
executable extension, then accessing it via a direct request to the file in
an unspecified directory, as exploited in the wild in July 2012.

Bugs

Notes

Author	Note
jdstrand	CVE not assigned yet actively being exploit in the wild

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchmoin< 1.9.2-2ubuntu3.3UNKNOWN
ubuntu11.10noarchmoin< 1.9.3-1ubuntu1.11.10.2UNKNOWN
ubuntu12.04noarchmoin< 1.9.3-1ubuntu2.2UNKNOWN
ubuntu12.10noarchmoin< 1.9.3-1ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	moin	< 1.9.2-2ubuntu3.3	UNKNOWN
ubuntu	11.10	noarch	moin	< 1.9.3-1ubuntu1.11.10.2	UNKNOWN
ubuntu	12.04	noarch	moin	< 1.9.3-1ubuntu2.2	UNKNOWN
ubuntu	12.10	noarch	moin	< 1.9.3-1ubuntu3.1	UNKNOWN