fkie_nvd - fkie_cve-2005-0535

fkie_cve-2005-0535

Vulnerability from fkie_nvd

Published

2005-02-22 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/14360	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=307067	Vendor Advisory
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14360	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=307067	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
gentoo	linux	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users."
    }
  ],
  "id": "CVE-2005-0535",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-22T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2005-0535 (GCVE-0-2005-0535)

Vulnerability from cvelistv5

Published

2005-02-24 05:00