Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3354

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3354
Last Modified 13 Dec 2013 12:02:31
Published 19 Nov 2012 07:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3354

Summary

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

Vulnerable Systems

Operating System

  • Fedoraproject Fedora 16

  • Fedoraproject Fedora 17

  • Fedoraproject Fedora 18

Application

  • Andreas Gohr Dokuwiki -

  • Dokuwiki -


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=835145

MLIST - [oss-security] 20120624 Re: CVE request: Full path disclosure in DokuWiki

MLIST - [oss-security] 20120624 CVE request: Full path disclosure in DokuWiki

MISC - http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure

FEDORA - FEDORA-2012-16605

FEDORA - FEDORA-2012-16614

FEDORA - FEDORA-2012-16550

MANDRIVA - MDVSA-2013:073


Last Updated: 27 May 2016 10:55:05