CVE-2012-5395

Severity

68%

Complexity

86%

Confidentiality

106%

Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation"

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation"

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-06-02 15:55:00

Last updated 10 years ago

2014-06-03 12:09:00

Affected Software

MediaWiki MediaWiki 1.20

1.20

MediaWiki 1.19

1.19

MediaWiki 1.19 beta 1

1.19

MediaWiki 1.19 beta 2

1.19

MediaWiki MediaWiki 1.19.1

1.19.1

MediaWiki MediaWiki 1.19.2

1.19.2

MediaWiki 1.18

1.18

MediaWiki 1.18 beta 1

1.18

MediaWiki 1.18.0

1.18.0

MediaWiki 1.18.0 release candidate 1

1.18.0

MediaWiki 1.18.1

1.18.1

MediaWiki 1.18.2

1.18.2

MediaWiki 1.18.3

1.18.3

MediaWiki 1.18.4

1.18.4

Mediawiki

References

[MediaWiki-announce] 20121130 MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6

Vendor Advisory

https://bugzilla.wikimedia.org/show_bug.cgi?id=40962

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.