Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1580

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-1580
Last Modified 10 Sep 2012 01:07:02
Published 09 Sep 2012 05:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1580

Summary

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

Vulnerable Systems

Application

  • Mediawiki 1.17

  • Mediawiki 1.17.0

  • Mediawiki 1.17.1

  • Mediawiki 1.17.2

  • Mediawiki 1.18

  • Mediawiki 1.18.0

  • Mediawiki 1.18.1


References

CONFIRM - https://bugzilla.wikimedia.org/show_bug.cgi?id=35317

XF - mediawiki-specialupload-csrf(74286)

BID - 52689

MLIST - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2

MLIST - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2

SECUNIA - 48504

OSVDB - 80364

MLIST - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2

MLIST - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3


Last Updated: 27 May 2016 11:00:32