Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2010-6335.NASL
HistoryJul 07, 2010 - 12:00 a.m.

Fedora 12 : mediawiki-1.15.3-53.fc12 (2010-6335)

2010-07-0700:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.1%

JSON

This is a security and bugfix release of MediaWiki 1.15.3. Three security issues are fixed in this update: A CSS validation issue was discovered which allows editors to display external images in wiki pages. A data leakage vulnerability was discovered in thumb.php which affects wikis which restrict access to private files using img_auth.php, or some similar scheme. MediaWiki was found to be vulnerable to login CSRF. The upstrea authors recommend that all public wikis should be upgraded if possible. The fix includes a breaking change to the API login action. Any clients using it will need to be updated.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-6335.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(47615);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-1189", "CVE-2010-1190");
  script_bugtraq_id(38617, 38621);
  script_xref(name:"FEDORA", value:"2010-6335");

  script_name(english:"Fedora 12 : mediawiki-1.15.3-53.fc12 (2010-6335)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This is a security and bugfix release of MediaWiki 1.15.3. Three
security issues are fixed in this update: A CSS validation issue was
discovered which allows editors to display external images in wiki
pages. A data leakage vulnerability was discovered in thumb.php which
affects wikis which restrict access to private files using
img_auth.php, or some similar scheme. MediaWiki was found to be
vulnerable to login CSRF. The upstrea authors recommend that all
public wikis should be upgraded if possible. The fix includes a
breaking change to the API login action. Any clients using it will
need to be updated.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=571926"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/043799.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1bb667e0"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mediawiki package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC12", reference:"mediawiki-1.15.3-53.fc12")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
}
VendorProductVersionCPE
fedoraprojectfedoramediawikip-cpe:/a:fedoraproject:fedora:mediawiki
fedoraprojectfedora12cpe:/o:fedoraproject:fedora:12

Related

nessus 2
openvas 6
osv 1
fedora 1
nvd 2
ubuntucve 2
prion 2
debiancve 2
cve 2
cvelist 2
seebug 1
nessus
nessus
openSUSE Security Update : mediawiki (openSUSE-SU-2010:0154-1)
2010-04-27 00:00:00
Debian DSA-2022-1 : mediawiki - several vulnerabilities
2010-03-25 00:00:00
openvas
openvas
Debian Security Advisory DSA 2022-1 (mediawiki)
2010-03-30 00:00:00
Fedora Update for mediawiki FEDORA-2010-6335
2010-07-12 00:00:00
Fedora Update for mediawiki FEDORA-2010-6335
2010-07-12 00:00:00
osv
osv
mediawiki - several vulnerabilities
2010-03-23 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: mediawiki-1.15.3-53.fc12
2010-07-06 17:23:04
nvd
nvd
CVE-2010-1190
2010-03-31 18:00:00
CVE-2010-1189
2010-03-31 18:00:00
ubuntucve
ubuntucve
CVE-2010-1189
2010-03-31 00:00:00
CVE-2010-1190
2010-03-31 00:00:00
prion
prion
Input validation
2010-03-31 18:00:00
Design/Logic Flaw
2010-03-31 18:00:00
debiancve
debiancve
CVE-2010-1190
2010-03-31 18:00:00
CVE-2010-1189
2010-03-31 18:00:00
cve
cve
CVE-2010-1190
2010-03-31 18:00:00
CVE-2010-1189
2010-03-31 18:00:00
cvelist
cvelist
CVE-2010-1190
2010-03-31 17:35:00
CVE-2010-1189
2010-03-31 17:35:00
seebug
seebug
MediaWiki &gt;= 1.5 CSS验证信息泄露漏洞
2010-04-29 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.1%

JSON
Related for FEDORA_2010-6335.NASL
nessus2openvas6osv1fedora1nvd2ubuntucve2prion2debiancve2cve2cvelist2seebug1