
Test ID: 1.3.6.1.4.1.25623.1.0.113159
Category: Web application abuses
Title: IkiWiki Multiple Vulnerabilities
Summary: The fix for ikiwiki for CVE-2016-10026 was incomplete, resulting in an editing restriction bypass for git revert when using git versions older than 2.8.0. ikiwiki incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Description:
Summary:
The fix for ikiwiki for CVE-2016-10026 was incomplete,
resulting in an editing restriction bypass for git revert when using git versions older than 2.8.0.

ikiwiki incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572),
which can be abused to lead to commit metadata forgery.

Vulnerability Impact:
Successful exploitation could allow an attacker to bypass access restriction.

Affected Software/OS:
IkiWiki before version 3.20161229.

Solution:
Update to version 3.20161229.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-9645
https://ikiwiki.info/security/#cve-2016-9645
https://marc.info/?l=oss-security&m=148304341511854&w=2
https://security-tracker.debian.org/tracker/CVE-2016-9645
Common Vulnerability Exposure (CVE) ID: CVE-2016-9646
Debian Security Information: DSA-3760
https://www.debian.org/security/2017/dsa-3760
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.