Lucene search
PRIOn knowledge basePRION:CVE-2012-2760HistoryJul 25, 2012 - 7:55 p.m.
Design/Logic Flaw
2012-07-2519:55:00
PRIOn knowledge base
www.prio-n.com
2
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mod_auth_openid | eq | 0.2 | |
| mod_auth_openid | eq | 0.1 | |
| mod_auth_openid | eq | 0.4 | |
| mod_auth_openid | eq | 0.3 | |
| mod_auth_openid | eq | 0.2.1 | |
| mod_auth_openid | le | 0.6 | |
| mod_auth_openid | eq | 0.5 |
References
archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html
packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html
secunia.com/advisories/49247
www.mandriva.com/security/advisories?name=MDVSA-2012:114
www.osvdb.org/82139
www.securityfocus.com/bid/53661
exchange.xforce.ibmcloud.com/vulnerabilities/75813
github.com/bmuller/mod_auth_openid/blob/master/ChangeLog
github.com/bmuller/mod_auth_openid/pull/30
www.exploit-db.com/exploits/18917
Related
ubuntucve
ubuntucve
CVE-2012-2760
2012-07-25 00:00:00
nvd
nvd
CVE-2012-2760
2012-07-25 19:55:05
debiancve
debiancve
CVE-2012-2760
2012-07-25 19:55:05
cve
cve
CVE-2012-2760
2012-07-25 19:55:05
packetstorm
packetstorm
Mod_Auth_OpenID Session Stealing
2012-05-23 00:00:00
cvelist
cvelist
CVE-2012-2760
2012-07-25 19:00:00
seebug
seebug
Mod_Auth_OpenID Session Stealing Vulnerability
2014-07-01 00:00:00
exploitpack
exploitpack
Apache Mod_Auth_OpenID - Session Stealing
2012-05-24 00:00:00
securityvulns
securityvulns
Apache mod_auth_openid weak permissions
2012-07-29 00:00:00
[ MDVSA-2012:114 ] apache-mod_auth_openid
2012-07-29 00:00:00
exploitdb
exploitdb
Apache Mod_Auth_OpenID - Session Stealing
2012-05-24 00:00:00