Synopsis
The remote web server contains an application that is affected by multiple vulnerabilities.
Description
According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities:
- An input validation error exists related to handling API errors that allows reflected cross-site scripting attacks. (CVE-2014-9714, CVE-2015-2941)
- An input validation error exists related to SVG file uploads that allows stored cross-site scripting attacks by bypassing a missing MIME type blacklist. (CVE-2015-2931)
- An input validation error exists related to the handling of JavaScript used to animate elements in the 'includes/upload/UploadBase.php' script that allows a remote attacker to bypass the blacklist filter. (CVE-2015-2932)
- An input validation error exists in the 'includes/Html.php' script that allows stored cross-site scripting attacks. (CVE-2015-2933)
- A flaw in the 'includes/libs/XmlTypeCheck.php' script allows a remote attacker to bypass the SVG filter by encoding SVG entities. (CVE-2015-2934)
- A flaw in the 'includes/upload/UploadBase.php' script allows a remote attacker to bypass the SVG filter and de-anonymize the wiki readers. This issue exists due to an incomplete fix for CVE-2014-7199. (CVE-2015-2935)
- A denial of service vulnerability exists due to a flaw in the handling of hashing large PBKDF2 passwords. (CVE-2015-2936)
- A denial of service vulnerability exists due to an XML external entity injection (XXE) flaw that is triggered by the parsing of crafted XML data. (CVE-2015-2937)
- An input validation error exists related to the user-supplied custom JavaScript that allows stored cross-site scripting attacks. (CVE-2015-2938)
- An input validation error exists related to the Scribunto extension that allows stored cross-site scripting attacks. (CVE-2015-2939)
- A flaw in the CheckUser extension allows cross-site request forgery attacks because user rights are not properly checked. (CVE-2015-2940)
- A denial of service vulnerability exists due to an XML external entity (XXE) injection flaw triggered by the parsing of crafted XML data in SVG or XMP files. (CVE-2015-2942)
- A cross-site scripting vulnerability exists due to improper validation of input encoded entities in SVG files. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MediaWiki version 1.19.24 / 1.23.9 / 1.24.2 or later.
Plugin Details
File Name: mediawiki_1_24_2.nasl
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:mediawiki:mediawiki
Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MediaWiki
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Patch Publication Date: 3/31/2015
Vulnerability Publication Date: 3/31/2015
Reference Information
CVE: CVE-2014-9714, CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940, CVE-2015-2941, CVE-2015-2942
BID: 73477, 74061