CVE-2010-0717
published 2010-02-26
CVE-2010-0717: The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact…
Priority P431 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
1.97%
78.0th percentile
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | <= 1.8.6 | — |
CVSS provenance
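| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |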
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2010-03-11·CVSS 6.8
CVE-2010-0668 [MEDIUM] MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
Summary: MoinMoin vulnerabilities
It was discovered that several wiki actions and preference settings in
MoinMoin were not protected from cross-site request forgery (CSRF). If an
authenticated user were tricked into visiting a malicious website while
logged into MoinMoin, a remote attacker could change the user's
configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)
It was discovered that MoinMoin did not properly sanitize its input when
processing user preferences. An attacker could enter malicious content
which when viewed by a user, could render in unexpected ways.
(CVE-2010-0669)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
Moin: Security fixes in v1.8.7, v1.9.2
vendor_redhat·2010-02-01·CVSS 7.5
CVE-2010-0717 [HIGH] Moin: Security fixes in v1.8.7, v1.9.2
Moin: Security fixes in v1.8.7, v1.9.2
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
OSV
MoinMoin has improper default configuration
osv·2022-05-02
CVE-2010-0717 [HIGH] MoinMoin has improper default configuration
MoinMoin has improper default configuration
The default configuration of `cfg.packagepages_actions_excluded` in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
GHSA
MoinMoin has improper default configuration
ghsa·2022-05-02
CVE-2010-0717 [HIGH] MoinMoin has improper default configuration
MoinMoin has improper default configuration
The default configuration of `cfg.packagepages_actions_excluded` in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
OSV
CVE-2010-0717: The default configuration of cfg
osv·2010-02-26
CVE-2010-0717 CVE-2010-0717: The default configuration of cfg
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
Suricata
GPL NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt
suricata·2010-09-23
CVE-2003-0717 GPL NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt
GPL NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt"; flow:established,to_server; content:"|FF|SMB%"; depth:5; offset:4; nocase; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00|"; within:12; distance:5; nocase; content:"|04 00|"; within:2; byte_test:1,>,15,2,relative; byte_jump:4,86,little,align,relative; byte_jump:4,8,little,align,relative; byte_test:4,>,1024,0,little,relative; reference:bugtraq,8826; reference:cve,2003-0717; reference:nessus,11888; reference:nessus,11890; reference:url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx; classtype:attempted-admin; sid:2102258; rev:11; metadata:created_at 2010
Suricata
GPL RPC portmap ttdbserv request UDP
suricata·2010-09-23
CVE-1999-0003 GPL RPC portmap ttdbserv request UDP
GPL RPC portmap ttdbserv request UDP
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap ttdbserv request UDP"; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 F3|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; reference:arachnids,24; reference:bugtraq,122; reference:bugtraq,3382; reference:cve,1999-0003; reference:cve,1999-0687; reference:cve,1999-1075; reference:cve,2001-0717; reference:url,www.cert.org/advisories/CA-2001-05.html; classtype:rpc-portmap-decode; sid:2100588; rev:18; metadata:created_at 2010_09_23, cve CVE_1999_0003, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL NETBIOS DCERPC Messenger Service buffer overflow attempt
suricata·2010-09-23
CVE-2003-0717 GPL NETBIOS DCERPC Messenger Service buffer overflow attempt
GPL NETBIOS DCERPC Messenger Service buffer overflow attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS DCERPC Messenger Service buffer overflow attempt"; content:"|04 00|"; depth:2; byte_test:1,>,15,2,relative; byte_jump:4,86,little,align,relative; byte_jump:4,8,little,align,relative; byte_test:4,>,1024,0,little,relative; reference:bugtraq,8826; reference:cve,2003-0717; reference:nessus,11888; reference:nessus,11890; reference:url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx; classtype:attempted-admin; sid:2102257; rev:10; metadata:created_at 2010_09_23, cve CVE_2003_0717, confidence High, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL RPC portmap ttdbserv request TCP
suricata·2010-09-23
CVE-1999-0003 GPL RPC portmap ttdbserv request TCP
GPL RPC portmap ttdbserv request TCP
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap ttdbserv request TCP"; flow:established,to_server; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 F3|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; reference:arachnids,24; reference:bugtraq,122; reference:bugtraq,3382; reference:cve,1999-0003; reference:cve,1999-0687; reference:cve,1999-1075; reference:cve,2001-0717; reference:url,www.cert.org/advisories/CA-2001-05.html; classtype:rpc-portmap-decode; sid:2101274; rev:20; metadata:created_at 2010_09_23, cve CVE_1999_0003, signature_severity Informational, updated_at 2024_03_08;)
No public exploits indexed.
Bugzilla
CVE-2010-2487 moin: Multiple XSS issues
bugzilla·2010-06-07·CVSS 4.3
CVE-2010-2487 [MEDIUM] CVE-2010-2487 moin: Multiple XSS issues
CVE-2010-2487 moin: Multiple XSS issues
A possible reflected cross-site scripting attack was discovered in Moin [1]. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities, due to a vulnerable template parameter. The upstream bug report links to patches to correct the flaw.
[1] http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
Discussion:
Created moin tracking bugs for this issue
Affects: fedora-all [bug 601400]
---
moin-1.8.8-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc12
---
moin-1.8.8-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc11
---
mo
Bugzilla
CVE-2010-0668 CVE-2010-0669 CVE-2010-0717 Moin: Security fixes in v1.8.7, v1.9.2
bugzilla·2010-02-15·CVSS 6.8
CVE-2010-0668 [MEDIUM] CVE-2010-0668 CVE-2010-0669 CVE-2010-0717 Moin: Security fixes in v1.8.7, v1.9.2
CVE-2010-0668 CVE-2010-0669 CVE-2010-0717 Moin: Security fixes in v1.8.7, v1.9.2
Multiple security issues have been reported in Moin:
[1] http://moinmo.in/SecurityFixes
[2] http://secunia.com/advisories/38444/
Upstream Moin v1.8.7 version was released:
[3] http://moinmo.in/
Addressing "major security issues in miscellaneous
parts of moin.":
[4] http://moinmo.in/MoinMoinRelease1.8
[5] http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
CVE Request:
[6] http://www.openwall.com/lists/oss-security/2010/02/15/2
Other references:
[7] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
As mentioned in [7]:
" 2) it's not just a single patch,
it is quite much, you don't want to apply them
manually. if you need it now, do a repo checkout
and you'll have 1.9.2pre kind of"
Discussion:
http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
http://moinmo.in/MoinMoinRelease1.8
http://secunia.com/advisories/38903
http://www.debian.org/security/2010/dsa-2014
http://www.openwall.com/lists/oss-security/2010/02/15/2
http://www.vupen.com/english/advisories/2010/0600
https://exchange.xforce.ibmcloud.com/vulnerabilities/56595
2010-02-26
Published