Main Vulnerability Database Vulnerabilities #VU41592

Input validation error in MediaWiki - CVE-2012-5395

Published: June 2, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41592

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-5395

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MediaWiki.org

Affected software:
MediaWiki

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation"

How to mitigate CVE-2012-5395

Install update from vendor's website.

Sources

http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=40962

Input validation error in MediaWiki - CVE-2012-5395

Detailed vulnerability description

How to mitigate CVE-2012-5395

Sources

Please verify you're human