Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1937

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1937
Last Modified 07 Mar 2011 10:08:16
Published 25 Apr 2008 02:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1937

Summary

The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.

Vulnerable Systems

Application

  • Moinmoin 1.6.0

  • Moinmoin 1.6.1

  • Moinmoin 1.6.2


References

BID - 28869

XF - moinmoin-userform-security-bypass(41909)

VUPEN - ADV-2008-1307

GENTOO - GLSA-200805-09

SECUNIA - 30160

SECUNIA - 29894

CONFIRM - http://moinmo.in/SecurityFixes

CONFIRM - http://hg.moinmo.in/moin/1.6/rev/f405012e67af


Last Updated: 27 May 2016 10:47:42