Vulnerability Name: CVE-2010-0288 (CCN-56426)

Assigned: 2010-01-14
Published: 2010-01-14
Updated: 2019-09-23
Summary: A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access
References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.splitbrain.org/index.php?do=details&task_id=1847

Source: MITRE
Type: CNA
CVE-2010-0288

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-0770

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-0800

Source: OSVDB
Type: UNKNOWN
61710

Source: CCN
Type: SA38183
DokuWiki Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
38183

Source: GENTOO
Type: UNKNOWN
GLSA-201301-07

Source: DEBIAN
Type: UNKNOWN
DSA-1976

Source: DEBIAN
Type: DSA-1976
dokuwiki -- several vulnerabilities

Source: EXPLOIT-DB
Type: UNKNOWN
11141

Source: CCN
Type: OSVDB ID: 61710
DokuWiki lib/plugins/acl/ajax.php Access Control Rule Authentication Bypass

Source: BID
Type: UNKNOWN
37820

Source: CCN
Type: BID-37820
DokuWiki 'ajax.php' Multiple Security Bypass Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security

Source: CCN
Type: DokuWiki Web site
DokuWiki

Source: VUPEN
Type: UNKNOWN
ADV-2010-0150

Source: XF
Type: UNKNOWN
dokuwiki-ajax-security-bypass(55661)

Source: XF
Type: UNKNOWN
dokuwiki-ajax-priv-escalation(56426)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:* (Version <= release_2009-02-14)

Configuration CCN 1:
  • cpe:/a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:release_2009-02-14:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:20271 | P | DSA-1976-1 dokuwiki - several vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:6751 | P | DSA-1976 dokuwiki -- several vulnerabilities | 2014-06-23
oval:com.ubuntu.artful:def:20100288000 | V | CVE-2010-0288 on Ubuntu 17.10 (artful) - medium. | 2010-02-15
oval:com.ubuntu.xenial:def:20100288000 | V | CVE-2010-0288 on Ubuntu 16.04 LTS (xenial) - medium. | 2010-02-15
oval:com.ubuntu.bionic:def:201002880000000 | V | CVE-2010-0288 on Ubuntu 18.04 LTS (bionic) - medium. | 2010-02-15
oval:com.ubuntu.bionic:def:20100288000 | V | CVE-2010-0288 on Ubuntu 18.04 LTS (bionic) - medium. | 2010-02-15
oval:com.ubuntu.xenial:def:201002880000000 | V | CVE-2010-0288 on Ubuntu 16.04 LTS (xenial) - medium. | 2010-02-15
oval:com.ubuntu.precise:def:20100288000 | V | CVE-2010-0288 on Ubuntu 12.04 LTS (precise) - medium. | 2010-02-15
oval:com.ubuntu.trusty:def:20100288000 | V | CVE-2010-0288 on Ubuntu 14.04 LTS (trusty) - medium. | 2010-02-15
oval:org.debian:def:1976 | V | several vulnerabilities | 2010-01-22
    dokuwiki dokuwiki 2004-07-04
    dokuwiki dokuwiki 2004-07-07
    dokuwiki dokuwiki 2004-07-12
    dokuwiki dokuwiki 2004-07-21
    dokuwiki dokuwiki 2004-07-25
    dokuwiki dokuwiki 2004-08-08
    dokuwiki dokuwiki 2004-08-15a
    dokuwiki dokuwiki 2004-08-22
    dokuwiki dokuwiki 2004-09-12
    dokuwiki dokuwiki 2004-09-25
    dokuwiki dokuwiki 2004-09-30
    dokuwiki dokuwiki 2004-11-01
    dokuwiki dokuwiki 2004-11-02
    dokuwiki dokuwiki 2004-11-10
    dokuwiki dokuwiki 2005-01-14
    dokuwiki dokuwiki 2005-01-15
    dokuwiki dokuwiki 2005-01-16a
    dokuwiki dokuwiki 2005-02-06
    dokuwiki dokuwiki 2005-02-18
    dokuwiki dokuwiki 2005-05-07
    dokuwiki dokuwiki 2005-07-01
    dokuwiki dokuwiki 2005-07-13
    dokuwiki dokuwiki 2005-09-19
    dokuwiki dokuwiki 2005-09-22
    dokuwiki dokuwiki 2006-03-05
    dokuwiki dokuwiki 2006-03-09
    dokuwiki dokuwiki 2006-03-09e
    dokuwiki dokuwiki 2006-06-04
    dokuwiki dokuwiki *
    dokuwiki dokuwiki release_2006-06-04
    dokuwiki dokuwiki release_2006-03-09e
    dokuwiki dokuwiki release_2006-03-09
    dokuwiki dokuwiki release_2006-03-05
    dokuwiki dokuwiki release_2005-09-22
    dokuwiki dokuwiki release_2005-09-19
    dokuwiki dokuwiki release_2005-07-13
    dokuwiki dokuwiki release_2005-07-01
    dokuwiki dokuwiki release_2005-05-07
    dokuwiki dokuwiki release_2005-02-18
    dokuwiki dokuwiki release_2005-02-06
    dokuwiki dokuwiki release_2005-01-16a
    dokuwiki dokuwiki release_2005-01-15
    dokuwiki dokuwiki release_2005-01-14
    dokuwiki dokuwiki release_2004-11-10
    dokuwiki dokuwiki release_2004-11-02
    dokuwiki dokuwiki release_2004-11-01
    dokuwiki dokuwiki release_2004-09-30
    dokuwiki dokuwiki release_2004-09-25
    dokuwiki dokuwiki release_2004-09-12
    dokuwiki dokuwiki release_2004-08-22
    dokuwiki dokuwiki release_2004-08-15a
    dokuwiki dokuwiki release_2004-08-08
    dokuwiki dokuwiki release_2004-07-25
    dokuwiki dokuwiki release_2004-07-21
    dokuwiki dokuwiki release_2004-07-12
    dokuwiki dokuwiki release_2004-07-07
    dokuwiki dokuwiki release_2004-07-04
    dokuwiki dokuwiki release_2009-02-14
    debian debian linux 5.0