FreeBSD : mediawiki -- two security vulnerabilities (fc55e396-6deb-11df-8b8e-000c29ba66d2)

high Nessus Plugin ID 46767

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Two security vulnerabilities were discovered:

Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer.

A CSRF vulnerability was discovered in our login interface. Although regular logins are protected as of 1.15.3, it was discovered that the account creation and password reset features were not protected from CSRF. This could lead to unauthorised access to private wikis.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?f8b92a7d

http://www.nessus.org/u?f7e5d5f1

Plugin Details

Severity: High

ID: 46767

File Name: freebsd_pkg_fc55e3966deb11df8b8e000c29ba66d2.nasl

Version: 1.10

Type: local

Published: 6/2/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mediawiki, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/2/2010

Vulnerability Publication Date: 5/28/2010

Reference Information

Secunia: 39922