CVE-2012-2760

Published: 25/07/2012 Updated: 29/08/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

mod_auth_openid prior to 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

Vulnerable Product

findingscience mod auth openid 0.1

findingscience mod auth openid

findingscience mod auth openid 0.2.1

findingscience mod auth openid 0.2

findingscience mod auth openid 0.5

findingscience mod auth openid 0.4

findingscience mod auth openid 0.3

Vendor Advisories

Debian Bug report logs - #674165
CVE-2012-2760: Information disclosure
Package: libapache2-mod-auth-openid; Maintainer for libapache2-mod-auth-openid is Debian QA Group <packages@qa.debian.org>; Source for libapache2-mod-auth-openid is src:libapache2-mod-auth-openid
Reported by: Moritz Muehlenhoff <m ...

Exploits

github.com/paranoid/mod_auth_openid/blob/master/CVE-2012-2760.markdown

# Security Advisory 1201
Summary : Session stealing
Date : May 2012
Affected versions : all versions prior to mod_auth_openid-0.7
ID : mod_auth_openid-1201
CVE reference : CVE-2012-2760
# Details
Session id ...

mod_auth_openid versions prior to 0.7 insecurely store session ids in /tmp/mod_auth_openid.db unencrypted ...