Description
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| Release | Status | Note |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| edgy | ignored | end of life, was needed |
| feisty | released | 4.0.5-9.1ubuntu1 |
| gutsy | released | 4.0.5-9.1ubuntu1 |
| hardy | released | 4.0.5-9.1ubuntu1 |
| intrepid | released | 4.0.5-9.1ubuntu1 |
| jaunty | released | 4.0.5-9.1ubuntu1 |
| karmic | released | 4.0.5-9.1ubuntu1 |
| upstream | needs-triage | |
References
EPSS
9 Critical
CVSS2
Related vulnerabilities
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLog ...