CVE-2012-5391

Published Jun 2, 2014

Last updated 7 years ago

CVSS info 6.8

Overview

Description: Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation"
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A778F48-5CC3-4823-B9BA-C9C53966ECA3",
            "versionEndIncluding": "1.18.5"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C260B25-06D8-4EA3-9C78-C0F608CFC390"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23"
          },
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References