CVE-2010-1238

Description

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.

How to fix CVE-2010-1238

To remediate CVE-2010-1238, upgrade the affected package to a fixed version below.

• Debian/moin—upgrade to 1.9.2-3 or later

Is CVE-2010-1238 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.9.2-3

References (4)

• ADVISORYsecunia.com/advisories/39284
• ADVISORYwww.debian.org/security/2010/dsa-2024
• ADVISORYwww.ubuntu.com/usn/USN-925-1
• ADVISORYwww.vupen.com/english/advisories/2010/0831