// For flags

CVE-2008-6549

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

La función password_checker en config/multiconfig.py en MoinMoin v1.6.1 utiliza la característica cracklib y python-crack incluso cuando ambas no están como "thread-safe", lo que permite a atacantes remotos provocar una denegación de servicio (falta de segmentación y caída) a través de vectores desconocidos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-03-29 CVE Reserved
  • 2009-03-30 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (3)
URL Tag Source
http://osvdb.org/48876 Vdb Entry
URL Date SRC
http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 2024-09-17
URL Date SRC
URL Date SRC
http://moinmo.in/SecurityFixes 2009-03-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Moinmo
Search vendor "Moinmo"
 Moinmoin
Search vendor "Moinmo" for product "Moinmoin"
 1.6.1
Search vendor "Moinmo" for product "Moinmoin" and version "1.6.1"
-
Affected