CVE-2012-2760
Published 2012-07-25
CVE-2012-2760: mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
Priority: P4 · 10 · low
CVSS 2.0: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 1.00% (58.6th percentile)
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libapache2-mod-auth-openid | < libapache2-mod-auth-openid 0.7-0.1 (bullseye) | libapache2-mod-auth-openid 0.7-0.1 (bullseye) |
| findingscience | mod_auth_openid | <= 0.6 | — |
| findingscience | mod_auth_openid | — | — |
| findingscience | mod_auth_openid | — | — |
| findingscience | mod_auth_openid | — | — |
| findingscience | mod_auth_openid | — | — |
| findingscience | mod_auth_openid | — | — |
| findingscience | mod_auth_openid | — | — |
CVSS provenance
nvd · v2.0 · 2.1 · LOW · AV:L/AC:L/Au:N/C:P/I:N/A:N
osv · 2.1 · LOW
vendor_debian · 2.1 · LOW
Debian
CVE-2012-2760: libapache2-mod-auth-openid - mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/m...
vendor_debian·2012·CVSS 2.1
CVE-2012-2760 [LOW] CVE-2012-2760: libapache2-mod-auth-openid - mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/m...
Scope: local
bullseye: resolved (fixed in 0.7-0.1)
GHSA
GHSA-4m35-7rw5-2cp2: mod_auth_openid before 0
ghsa_unreviewed·2022-05-17
CVE-2012-2760 [LOW] GHSA-4m35-7rw5-2cp2: mod_auth_openid before 0
OSV
CVE-2012-2760: mod_auth_openid before 0
osv·2012-07-25·CVSS 2.1
CVE-2012-2760 [LOW] CVE-2012-2760: mod_auth_openid before 0
No detection rules found.
http://archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html
http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html
http://secunia.com/advisories/49247
http://www.exploit-db.com/exploits/18917
http://www.mandriva.com/security/advisories?name=MDVSA-2012:114
http://www.osvdb.org/82139
http://www.securityfocus.com/bid/53661
https://exchange.xforce.ibmcloud.com/vulnerabilities/75813
https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog
https://github.com/bmuller/mod_auth_openid/pull/30
Published: 2012-07-25