MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities

medium Nessus Plugin ID 84164

Synopsis

The remote web server contains an application that is affected by multiple vulnerabilities.

Description

According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities :

- An input validation error exists related to handling API errors that allows reflected cross-site scripting attacks. (CVE-2014-9714, CVE-2015-2941)

- An input validation error exists related to SVG file uploads that allows stored cross-site scripting attacks by bypassing a missing MIME type blacklist.
(CVE-2015-2931)

- An input validation error exists related to the handling of JavaScript used to animate elements in the 'includes/upload/UploadBase.php' script that allows a remote attacker to bypass the blacklist filter.
(CVE-2015-2932)

- An input validation error exists in the 'includes/Html.php' script that allows stored cross-site scripting attacks. (CVE-2015-2933)

- A flaw in the 'includes/libs/XmlTypeCheck.php' script allows a remote attacker to bypass the SVG filter by encoding SVG entities. (CVE-2015-2934)

- A flaw in the 'includes/upload/UploadBase.php' script allows a remote attacker to bypass the SVG filter and de-anonymize the wiki readers. This issue exists due to an incomplete fix for CVE-2014-7199. (CVE-2015-2935)

- A denial of service vulnerability exists due to a flaw in the handling of hashing large PBKDF2 passwords.
(CVE-2015-2936)

- A denial of service vulnerability exists due to an XML external entity injection (XXE) flaw that is triggered by the parsing of crafted XML data. (CVE-2015-2937)

- An input validation error exists related to the user-supplied custom JavaScript that allows stored cross-site scripting attacks. (CVE-2015-2938)

- An input validation error exists related to the Scribunto extension that allows stored cross-site scripting attacks. (CVE-2015-2939)

- A flaw in the CheckUser extension allows cross-site request forgery attacks due to a flaw in which user rights are not properly checked. (CVE-2015-2940)

- A denial of service vulnerability exists due to an XML external entity (XXE) injection flaw triggered by the parsing of crafted XML data in SVG or XMP files.
(CVE-2015-2942)

- A cross-site scripting vulnerability exists due to improper validation of input encoded entities in SVG files. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MediaWiki version 1.19.24 / 1.23.9 / 1.24.2 or later.

See Also

http://www.nessus.org/u?bfc5045c

https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.24

https://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.9

https://www.mediawiki.org/wiki/Release_notes/1.24#MediaWiki_1.24.2

https://blogs.securiteam.com/index.php/archives/2669

Plugin Details

Severity: Medium

ID: 84164

File Name: mediawiki_1_24_2.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 6/12/2015

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-2940

Vulnerability Information

CPE: cpe:/a:mediawiki:mediawiki

Required KB Items: Settings/ParanoidReport, installed_sw/MediaWiki, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 3/31/2015

Vulnerability Publication Date: 3/31/2015

Reference Information

CVE: CVE-2014-9714, CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940, CVE-2015-2941, CVE-2015-2942

BID: 73477, 74061