Synopsis
The remote web server contains an application that is affected by multiple vulnerabilities.
Description
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities :
- A flaw exists due to comments not being prepended to the JSONP callbacks. This allows a remote attacker, using a specially crafted SWF file, to perform a cross-site request forgery attack. (CVE-2014-5241)
- A cross-site scripting vulnerability exists within the 'mediawiki.page.image.pagination.js' script due to a failure to validate user-supplied input when the function 'ajaxifyPageNavigation' calls 'loadPage'. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code within the trust relationship between the browser and server.
(CVE-2014-5242)
- A flaw exists with the iFrame protection mechanism, related to 'OutputPage' and 'ParserOutput', which allows a remote attacker to conduct a clickjacking attack.
(CVE-2014-5243)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MediaWiki version 1.19.18 / 1.22.9 / 1.23.2 or later.
Plugin Details
File Name: mediawiki_1_23_2.nasl
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:mediawiki:mediawiki
Required KB Items: Settings/ParanoidReport, installed_sw/MediaWiki, www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Patch Publication Date: 7/30/2014
Vulnerability Publication Date: 6/14/2014
Reference Information
CVE: CVE-2014-5241, CVE-2014-5242, CVE-2014-5243
BID: 69135, 69136, 69137
CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990