CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

Information

Published : 2020-02-06 07:15

Updated : 2020-02-10 11:40


NVD link : CVE-2013-4572

Mitre link : CVE-2013-4572


JSON object : View

CWE
CWE-384

Session Fixation

Advertisement

dedicated server usa

Products Affected

fedoraproject

  • fedora

mediawiki

  • mediawiki