CVE-2012-2760
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2012-2760
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-2760.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2012-2760
- Published
- 2012-07-25T19:55:05Z
- Modified
- 2024-11-21T01:39:34Z
- Summary
- [none]
- Details
-
modauthopenid before 0.7 for Apache uses world-readable permissions for /tmp/modauthopenid.db, which allows local users to obtain session ids.
- References
-
- http://secunia.com/advisories/49247
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:114
- http://archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html
- http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html
- http://www.exploit-db.com/exploits/18917
- http://www.osvdb.org/82139
- http://www.securityfocus.com/bid/53661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75813
- https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog
- https://github.com/bmuller/mod_auth_openid/pull/30
- https://security-tracker.debian.org/tracker/CVE-2012-2760
Affected packages
Debian:11 / libapache2-mod-auth-openid
Package
- Name
- libapache2-mod-auth-openid
- Purl
- pkg:deb/debian/libapache2-mod-auth-openid?arch=source