A cross-site-scripting vulnerability has been discovered in
attachment handling.

CVE-2007-2637
Access control lists for calendars and includes were
insufficiently enforced, which could lead to information
disclosure.

CVE-2008-0780
A cross-site-scripting vulnerability has been discovered in
the login code.

CVE-2008-0781
A cross-site-scripting vulnerability has been discovered in
attachment handling.

CVE-2008-0782
A directory traversal vulnerability in cookie handling could
lead to local denial of service by overwriting files.

CVE-2008-1098
Cross-site-scripting vulnerabilities have been discovered in
the GUI editor formatter and the code to delete pages.

CVE-2008-1099
The macro code validates access control lists insufficiently,
which could lead to information disclosure.

For the stable distribution (etch), these problems have been fixed in
version 1.5.3-1.2etch1. This update also includes a bugfix wrt the
enco...