| Vulnerability Name: | CCN-46460 | ||||||
| Published: | 2008-11-08 | ||||||
| Updated: | 2008-11-08 | ||||||
| Summary: | MoinMoin could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted HTTP request when processing overly long URLs to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. | ||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:UR)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, at Nov 08 2008 - 21:09:48 CST Multiple remote vulnerabilities MoinMoin v1.80 Source: CCN Type: MoinMoin Web site MoinMoinDownload Source: CCN Type: SA32686 MoinMoin Full Path Disclosure Weakness Source: CCN Type: OSVDB ID: 49752 MoinMoin URL Handling Error Message Path Disclosure Source: CCN Type: BID-32208 MoinMoin Cross-Site Scripting and Information Disclosure Vulnerabilities Source: XF Type: UNKNOWN moinmoin-url-path-disclosure(46460) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||