CVE-2009-4762

Sažetak

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

Reference

http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600
http://www.vupen.com/english/advisories/2010/1208

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-05-2010 - 05:47

Objavljeno

29-03-2010 - 20:30