MediaWiki 1.19.x < 1.19.4 / 1.20.x < 1.20.3 Multiple Vulnerabilities

medium Nessus Plugin ID 65899

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities :

- A flaw exists related to certificate validation due to the server hostname not being verified to match a domain name in the Common Name (CN) or SubjectAltName of the X.509 certificate. This allows a man-in-the-middle attacker to spoof SSL services through the use of an arbitrary certificate. (CVE-2013-1816)

- A flaw exists when unblocking a user via the API that leads to the disclosure of sensitive information.
(CVE-2013-1817)

- A flaw exists in version 1.20 in the 'maintenance/mwdoc-filter.php' script that is triggered under certain server conditions. A remote attacker can exploit this to gain access to arbitrary files.
(CVE-2013-1818)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MediaWiki version 1.19.4 / 1.20.3 or later.

See Also

http://www.nessus.org/u?797783b7

https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.4

https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.3

Plugin Details

Severity: Medium

ID: 65899

File Name: mediawiki_1_19_4.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 4/10/2013

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-1818

Vulnerability Information

CPE: cpe:/a:mediawiki:mediawiki

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MediaWiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 3/4/2013

Vulnerability Publication Date: 12/30/2012

Reference Information

CVE: CVE-2013-1816, CVE-2013-1817, CVE-2013-1818

BID: 58304, 58305, 58306