Synopsis
The remote web server contains an application that is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities:
- A cross-site scripting (XSS) vulnerability exists in the includes/upload/UploadBase.php script due to improper validation of user-supplied input during the uploading of an SVG namespace. This allows a remote attacker to create a specially crafted request to execute arbitrary script code in a user's browser session within the trust relationship between the browser and server. (CVE-2014-2242)
- A flaw exists in the includes/User.php script in the loadFromSession() function where the validation of user tokens is terminated upon encountering the first incorrect character. This allows a remote attacker to gain access to session tokens using a brute force timing attack. (CVE-2014-2243)
- A cross-site scripting (XSS) vulnerability exists in the includes/api/ApiFormatBase.php script in the formatHTML() function due to improper validation of user-supplied input when handling links appended to api.php. This allows a context-dependent attacker to create a specially crafted request to execute arbitrary code in a user's browser session within the trust relationship between the browser and server. (CVE-2014-2244)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
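The token-validation flaw (CVE-2014-2243) comes down to a comparison whose running time depends on how many leading characters match. The following is an added example, not MediaWiki source code: the function names and the token value are constructed for illustration, and it counts bytes examined to make the data-dependent work visible next to a constant-time comparison.

```php
<?php
// Added illustration; not MediaWiki source. Names and token values are constructed.

// Early-exit comparison: returns at the first mismatching byte, so the work
// done depends on how many leading bytes of the supplied value are correct.
function earlyExitEquals(string $known, string $supplied): array {
    $n = strlen($known);
    if ($n !== strlen($supplied)) {
        return [false, 0];
    }
    for ($i = 0; $i < $n; $i++) {
        if ($known[$i] !== $supplied[$i]) {
            return [false, $i + 1];   // bytes examined reveals the match length
        }
    }
    return [true, $n];
}

// Constant-time comparison: always examines every byte and folds differences
// into one accumulator, so the work is independent of where a mismatch occurs.
function constantTimeEquals(string $known, string $supplied): array {
    $n = strlen($known);
    if ($n !== strlen($supplied)) {
        return [false, 0];            // token length is fixed and not secret
    }
    $diff = 0;
    for ($i = 0; $i < $n; $i++) {
        $diff |= ord($known[$i]) ^ ord($supplied[$i]);
    }
    return [$diff === 0, $n];
}

$token = 'a3f09c1e5b7d2468a3f09c1e5b7d2468';   // constructed 32-character token
$inputs = [
    'no prefix correct' => str_repeat('0', 32),
    '8 bytes correct'   => substr($token, 0, 8) . str_repeat('0', 24),
    'exact match'       => $token,
];

foreach ($inputs as $label => $input) {
    [$okA, $workA] = earlyExitEquals($token, $input);
    [$okB, $workB] = constantTimeEquals($token, $input);
    // hash_equals() (PHP >= 5.6) is the built-in constant-time comparison.
    $okC = hash_equals($token, $input);
    printf("%-18s early-exit: %2d bytes | constant-time: %2d bytes | hash_equals: %s\n",
        $label, $workA, $workB, var_export($okC, true));
}
```

When reviewing PHP code for this class of flaw, look for `==`, `===`, or `strcmp()` applied to session tokens, CSRF tokens, or MACs, and replace them with `hash_equals()`.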
Solution
Upgrade to MediaWiki version 1.19.12 / 1.21.6 / 1.22.3 or later.
Plugin Details
File Name: mediawiki_1_19_12.nasl
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: cpe:/a:mediawiki:mediawiki
Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MediaWiki
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Patch Publication Date: 2/28/2014
Vulnerability Publication Date: 2/3/2014
Reference Information
CVE: CVE-2014-2242, CVE-2014-2243, CVE-2014-2244
BID: 65883, 65906, 65910
CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990