CVE-2005-0535

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/14360	Patch Vendor Advisory
http://securitytracker.com/id?1013260	Patch Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=307067	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mediawiki:mediawiki:1.3:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.3:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.4:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.5:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.6:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.7:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.8:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.9:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.3.10:::::::*

Configuration 2 (hide)

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-02-22 05:00

Updated : 2011-03-08 02:20

NVD link : CVE-2005-0535

Mitre link : CVE-2005-0535

CVE.ORG link : CVE-2005-0535

JSON object : View

Products Affected

gentoo

linux

mediawiki

mediawiki

CWE

NVD-CWE-Other

{"id": "CVE-2005-0535", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-02-22T05:00:00.000", "references": [{"url": "http://secunia.com/advisories/14360", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013260", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=307067", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users."}], "lastModified": "2011-03-08T02:20:12.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10