mediawiki: session fixation flaw
| Package(s): | mediawiki | CVE #(s): | CVE-2012-5391 | ||||||||||||
| Created: | February 19, 2013 | Updated: | March 22, 2013 | ||||||||||||
| Description: | From the Red Hat bugzilla:
A session fixation flaw was found in the way MediaWiki, a wiki engine, performed maintenance of user session ids after user login / logout. A remote attacker could provide a specially-crafted URL that, when visited by an authenticated MediaWiki user, could allow the attacker to impersonate the victim. | ||||||||||||||
| Alerts: |
| ||||||||||||||