Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2012-4379

Опубликовано: 19 окт. 2017
Источник: debian
EPSS Низкий

Описание

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mediawikifixed1:1.19.2-1package
mediawikiend-of-lifesqueezepackage

Примечания

  • https://bugzilla.wikimedia.org/show_bug.cgi?id=39180

  • https://www.openwall.com/lists/oss-security/2012/08/31/6

EPSS

Процентиль: 62%
0.00429
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2012-4379

CVSS3: 6.5
ubuntu
больше 8 лет назад

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.

nvd логотип

CVE-2012-4379

CVSS3: 6.5
nvd
больше 8 лет назад

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.

github логотип

GHSA-vj53-2xmv-77mc

CVSS3: 6.5
github
больше 3 лет назад

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.

EPSS

Процентиль: 62%
0.00429
Низкий