WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Session Fixation Vulnerability (CVE-2013-4572)

Description

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

Remediation

References

Related Vulnerabilities

WordPress Plugin Quick Chat Cross-Site Scripting (4.14)

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.12)

WordPress Plugin WP SMS Cross-Site Scripting (5.4.9)

Oracle JRE CVE-2014-0448 Vulnerability (CVE-2014-0448)

WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04)

Severity

High

Classification

CVE-2013-4572 CWE-384 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities