MoinMoin < 1.9.6 Multiple Vulnerabilities

medium Nessus Plugin ID 64930

Synopsis

A wiki application on the remote web server is affected by multiple vulnerabilities.

Description

According to its version number, the MoinMoin install hosted on the remote web server is affected by multiple vulnerabilities:

- Versions 1.9.3 up to 1.9.5 are affected by a directory traversal vulnerability because the _do_attachment_move action in 'AttachFile.py' does not properly sanitize user-supplied input. This could allow an unauthenticated, remote attacker to upload and overwrite arbitrary files on the remote host.
(CVE-2012-6080)

- Versions 1.9.x up to 1.9.5 are affected by a remote code execution vulnerability because the 'twikidraw.py' action fails to properly sanitize user-supplied input.
A remote, unauthenticated attacker could utilize a specially crafted request using directory traversal style characters to upload a file containing arbitrary code to the remote host. An attacker could then execute the code with the privileges of the user that runs the MoinMoin process. (CVE-2012-6081)

- Version 1.9.5 is affected by a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input in the 'page_name' parameter when creating an rss link. An attacker could leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. (CVE-2012-6082)

- Versions < 1.9.x are not maintained by MoinMoin developers and should be considered vulnerable.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 1.9.6 or later.

See Also

http://moinmo.in/SecurityFixes

Plugin Details

Severity: Medium

ID: 64930

File Name: moinmoin_1_9_6.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 2/28/2013

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2012-6080

Vulnerability Information

CPE: cpe:/a:moinmo:moinmoin

Required KB Items: Settings/ParanoidReport, www/moinmoin

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/29/2012

Vulnerability Publication Date: 12/29/2012

Exploitable With

Metasploit (MoinMoin twikidraw Action Traversal File Upload)

Elliot (MoinMoin 1.9.5 RCE)

Reference Information

CVE: CVE-2012-6080, CVE-2012-6081, CVE-2012-6082

BID: 57076, 57082, 57089, 57147

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990