Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6080

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2012-6080
Last Modified 03 Jan 2013 12:00:00
Published 02 Jan 2013 08:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6080

Summary

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

Vulnerable Systems

Application

  • Moinmoin 1.9.3

  • Moinmoin 1.9.4

  • Moinmoin 1.9.5


References

MISC - https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599

BID - 57076

MLIST - [oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)

DEBIAN - DSA-2593

UBUNTU - USN-1680-1

SECUNIA - 51696

SECUNIA - 51676

SECUNIA - 51663

CONFIRM - http://moinmo.in/SecurityFixes

CONFIRM - http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52


Last Updated: 27 May 2016 10:57:37