MediaWiki < 1.19.10 / 1.21.4 / 1.22.1 Multiple Vulnerabilities

high Nessus Plugin ID 72370

Synopsis

The remote web server contains an application that is affected by multiple vulnerabilities.

Description

According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities :

- Escape sequences are not properly sanitized when passed to the 'Sanitizer::checkCss' class, which allows a remote attacker to conduct cross-site scripting attacks.
(CVE-2013-6451)

- An input validation error exists in the 'XmlTypeCheck.php' script in uploaded SVG files that contain external style sheets, which allows a remote attacker to conduct cross-site scripting attacks.
(CVE-2013-6452)

- Input validation by the checkSvgScriptCallback() function is bypassed in the 'UploadBase.php' script when an SVG file with invalid XML is uploaded. This can result in malicious code execution. (CVE-2013-6453)

- An input validation error exists in the 'Sanitizer.php' script when input is submitted to the '-o-link' attribute, which allows cross-site scripting attacks in Opera 12. (CVE-2013-6454)

- An information disclosure vulnerability exists in the log API, Enhanced Recent Changes feature, and users' watchlists that allows deleted log entries to be viewed.
(CVE-2013-6472)

Additionally, the following extensions contain vulnerabilities but are not enabled or installed by default (unless otherwise noted) :

- The TimedMediaHandler extension is affected by a cross-site scripting vulnerability due to the lack of input validation of the 'data-videopayload' attribute in the 'mw.PopUpThumbVideo.js' script. (CVE-2013-4574)

- The Scribuntu extension is affected by a NULL pointer dereference and buffer overflow flaw in the implementation of the 'luasandbox' PHP extension that can lead to a denial of service or arbitrary code execution. (CVE-2013-4570, CVE-2013-4571)

- The CentralAuth extension is affected by an information disclosure vulnerability due to the insertion of a username into the page's DOM. (CVE-2013-6455)

- The Semantic Forms extension is affected by a cross-site request forgery (XSRF) vulnerability due to the lack of token validation in the 'Special:CreateCategory' page.
(CVE-2014-3454)

Note that Nessus has not tested for these issues but has instead relied on the application's self-reported version number.

Solution

Upgrade to MediaWiki version 1.19.10 / 1.21.4 / 1.22.1 or later.

See Also

http://www.nessus.org/u?11acd3f1

https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.10

https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.21.4

https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.1

Plugin Details

Severity: High

ID: 72370

File Name: mediawiki_1_19_10.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 2/6/2014

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-6453

Vulnerability Information

CPE: cpe:/a:mediawiki:mediawiki

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MediaWiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 1/14/2014

Vulnerability Publication Date: 6/17/2013

Reference Information

CVE: CVE-2013-4570, CVE-2013-4571, CVE-2013-4574, CVE-2013-6451, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6455, CVE-2013-6472, CVE-2014-3454

BID: 64966, 65003, 67522

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990