CVE-2012-2760

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

NVD 7 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Findingscience ≫ Mod Auth Openid SwPlatformapache Version <= 0.6

Findingscience ≫ Mod Auth Openid Version0.1 SwPlatformapache

Findingscience ≫ Mod Auth Openid Version0.2 SwPlatformapache

Findingscience ≫ Mod Auth Openid Version0.2.1 SwPlatformapache

Findingscience ≫ Mod Auth Openid Version0.3 SwPlatformapache

Findingscience ≫ Mod Auth Openid Version0.4 SwPlatformapache

Findingscience ≫ Mod Auth Openid Version0.5 SwPlatformapache

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1%	0.584

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html

http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html

http://secunia.com/advisories/49247

Vendor Advisory

http://www.exploit-db.com/exploits/18917

http://www.mandriva.com/security/advisories?name=MDVSA-2012:114

http://www.osvdb.org/82139

http://www.securityfocus.com/bid/53661

https://exchange.xforce.ibmcloud.com/vulnerabilities/75813

https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog

https://github.com/bmuller/mod_auth_openid/pull/30

CVE Source (NVD)

CVE Source (JSON)

EUVD

Team-orientierte Vulnerability Management Plattform