{"id": "FEDORA_2014-3344.NASL", "bulletinFamily": "scanner", "title": "Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)", "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-03-11T00:00:00", "modified": "2018-12-05T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72917", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1071139", "http://www.nessus.org/u?8735e662", "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"], "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "type": "nessus", "lastseen": "2019-02-21T01:20:53", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:mediawiki"], "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "77aa80eeb2f741e10b7d0e7252d76184dc6fc339112426d2fe775275c563852b", "hashmap": [{"hash": "612192197db285df7d718f5433755c5a", "key": "href"}, {"hash": "2ce8ddb6ade24b895d0136ca40fb35e1", "key": "references"}, {"hash": "1e5af650260219a246a3ab7989c2c860", "key": "cvelist"}, {"hash": "cdfdd3bde3a2886722003d7eda0e3101", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a4b5eb1bcbbfa7afbc292c5d9cafed9", "key": "description"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "930877e9b3fcbe25f9e295966b44bff4", "key": "cpe"}, {"hash": "5d453c7ad97c1ee84f981ba7dbcdedaf", "key": "published"}, {"hash": "e52971a7b7c3ea1b5f4c93b9b9516172", "key": "sourceData"}, {"hash": "2f357b3012a694f9dc335138883753ba", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "684e54d7d2c62031320ee23067355001", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=72917", "id": "FEDORA_2014-3344.NASL", "lastseen": "2018-12-08T03:46:19", "modified": "2018-12-05T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "72917", "published": "2014-03-11T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1071139", "http://www.nessus.org/u?8735e662", "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72917);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8735e662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "title": "Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-12-08T03:46:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:mediawiki"], "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:18:06", "references": [{"idList": ["OPENVAS:1361412562310121343", "OPENVAS:1361412562310867564", "OPENVAS:867562", "OPENVAS:1361412562310867562", "OPENVAS:867564", "OPENVAS:1361412562310804321"], "type": "openvas"}, {"idList": ["GENTOO_GLSA-201502-04.NASL", "FEDORA_2014-3338.NASL", "MEDIAWIKI_1_19_12.NASL", "MANDRIVA_MDVSA-2014-057.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30625"], "type": "securityvulns"}, {"idList": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "type": "cve"}, {"idList": ["GLSA-201502-04"], "type": "gentoo"}, {"idList": ["SSV:61666", "SSV:61665", "SSV:61667"], "type": "seebug"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "8e508351062451fcb02b3c75fa253e84ded53a23ffc585c828f296ae9a171d34", "hashmap": [{"hash": "612192197db285df7d718f5433755c5a", "key": "href"}, {"hash": "501c02a6e0a03fa23b07a7ea06ddee52", "key": "description"}, {"hash": "2ce8ddb6ade24b895d0136ca40fb35e1", "key": "references"}, {"hash": "1e5af650260219a246a3ab7989c2c860", "key": "cvelist"}, {"hash": "cdfdd3bde3a2886722003d7eda0e3101", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "930877e9b3fcbe25f9e295966b44bff4", "key": "cpe"}, {"hash": "5d453c7ad97c1ee84f981ba7dbcdedaf", "key": "published"}, {"hash": "e52971a7b7c3ea1b5f4c93b9b9516172", "key": "sourceData"}, {"hash": "2f357b3012a694f9dc335138883753ba", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "684e54d7d2c62031320ee23067355001", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=72917", "id": "FEDORA_2014-3344.NASL", "lastseen": "2019-01-16T20:18:06", "modified": "2018-12-05T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "72917", "published": "2014-03-11T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1071139", "http://www.nessus.org/u?8735e662", "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72917);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8735e662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "title": "Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:18:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "32580a64f3c2b07b2db24cf58ebbe3f4d2b2752982494d6134044afe1562ee05", "hashmap": [{"hash": "612192197db285df7d718f5433755c5a", "key": "href"}, {"hash": "32d1eb8ae18a430241ec117420b4bea1", "key": "sourceData"}, {"hash": "2ce8ddb6ade24b895d0136ca40fb35e1", "key": "references"}, {"hash": "1e5af650260219a246a3ab7989c2c860", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a4b5eb1bcbbfa7afbc292c5d9cafed9", "key": "description"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "5d453c7ad97c1ee84f981ba7dbcdedaf", "key": "published"}, {"hash": "2f357b3012a694f9dc335138883753ba", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "684e54d7d2c62031320ee23067355001", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=72917", "id": "FEDORA_2014-3344.NASL", "lastseen": "2016-09-26T17:25:07", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "72917", "published": "2014-03-11T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1071139", "http://www.nessus.org/u?8735e662", "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72917);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:32:17 $\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8735e662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "title": "Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:mediawiki"], "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "ba18678c2b37d944ee5d61d5db54b20a8a03d54ef1cf567002ef3bf99d180fc2", "hashmap": [{"hash": "612192197db285df7d718f5433755c5a", "key": "href"}, {"hash": "32d1eb8ae18a430241ec117420b4bea1", "key": "sourceData"}, {"hash": "2ce8ddb6ade24b895d0136ca40fb35e1", "key": "references"}, {"hash": "1e5af650260219a246a3ab7989c2c860", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a4b5eb1bcbbfa7afbc292c5d9cafed9", "key": "description"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "930877e9b3fcbe25f9e295966b44bff4", "key": "cpe"}, {"hash": "5d453c7ad97c1ee84f981ba7dbcdedaf", "key": "published"}, {"hash": "2f357b3012a694f9dc335138883753ba", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "684e54d7d2c62031320ee23067355001", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=72917", "id": "FEDORA_2014-3344.NASL", "lastseen": "2018-09-01T23:51:38", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "72917", "published": "2014-03-11T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1071139", "http://www.nessus.org/u?8735e662", "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72917);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:32:17 $\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8735e662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "title": "Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:51:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:mediawiki"], "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "8c1b6ff428991e0982b303377defa02f2a39e3ef38c108ae8455140fc072dac1", "hashmap": [{"hash": "612192197db285df7d718f5433755c5a", "key": "href"}, {"hash": "32d1eb8ae18a430241ec117420b4bea1", "key": "sourceData"}, {"hash": "2ce8ddb6ade24b895d0136ca40fb35e1", "key": "references"}, {"hash": "1e5af650260219a246a3ab7989c2c860", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a4b5eb1bcbbfa7afbc292c5d9cafed9", "key": "description"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "930877e9b3fcbe25f9e295966b44bff4", "key": "cpe"}, {"hash": "5d453c7ad97c1ee84f981ba7dbcdedaf", "key": "published"}, {"hash": "2f357b3012a694f9dc335138883753ba", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "684e54d7d2c62031320ee23067355001", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=72917", "id": "FEDORA_2014-3344.NASL", "lastseen": "2018-08-30T19:46:03", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "72917", "published": "2014-03-11T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1071139", "http://www.nessus.org/u?8735e662", "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72917);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:32:17 $\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8735e662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "title": "Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:46:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:mediawiki"], "cvelist": ["CVE-2014-2244", "CVE-2014-2242", "CVE-2014-2243"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "ba18678c2b37d944ee5d61d5db54b20a8a03d54ef1cf567002ef3bf99d180fc2", "hashmap": [{"hash": "612192197db285df7d718f5433755c5a", "key": "href"}, {"hash": "32d1eb8ae18a430241ec117420b4bea1", "key": "sourceData"}, {"hash": "2ce8ddb6ade24b895d0136ca40fb35e1", "key": "references"}, {"hash": "1e5af650260219a246a3ab7989c2c860", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a4b5eb1bcbbfa7afbc292c5d9cafed9", "key": "description"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "930877e9b3fcbe25f9e295966b44bff4", "key": "cpe"}, {"hash": "5d453c7ad97c1ee84f981ba7dbcdedaf", "key": "published"}, {"hash": "2f357b3012a694f9dc335138883753ba", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "684e54d7d2c62031320ee23067355001", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=72917", "id": "FEDORA_2014-3344.NASL", "lastseen": "2017-10-29T13:39:52", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "72917", "published": "2014-03-11T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1071139", "http://www.nessus.org/u?8735e662", "https://bugzilla.redhat.com/show_bug.cgi?id=1071136", "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72917);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:32:17 $\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8735e662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "title": "Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:39:52"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "930877e9b3fcbe25f9e295966b44bff4"}, {"key": "cvelist", "hash": "1e5af650260219a246a3ab7989c2c860"}, {"key": "cvss", "hash": "aa48a6bdcab91a600eca490863982fbd"}, {"key": "description", "hash": "6a4b5eb1bcbbfa7afbc292c5d9cafed9"}, {"key": "href", "hash": "612192197db285df7d718f5433755c5a"}, {"key": "modified", "hash": "cdfdd3bde3a2886722003d7eda0e3101"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "684e54d7d2c62031320ee23067355001"}, {"key": "published", "hash": "5d453c7ad97c1ee84f981ba7dbcdedaf"}, {"key": "references", "hash": "2ce8ddb6ade24b895d0136ca40fb35e1"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "e52971a7b7c3ea1b5f4c93b9b9516172"}, {"key": "title", "hash": "2f357b3012a694f9dc335138883753ba"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "77aa80eeb2f741e10b7d0e7252d76184dc6fc339112426d2fe775275c563852b", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2243", "CVE-2014-2244", "CVE-2014-2242"]}, {"type": "nessus", "idList": ["FEDORA_2014-3338.NASL", "MEDIAWIKI_1_19_12.NASL", "MANDRIVA_MDVSA-2014-057.NASL", "GENTOO_GLSA-201502-04.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804321", "OPENVAS:1361412562310867564", "OPENVAS:1361412562310867562", "OPENVAS:867564", "OPENVAS:867562", "OPENVAS:1361412562310121343"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30625", "SECURITYVULNS:VULN:13733"]}, {"type": "seebug", "idList": ["SSV:61666", "SSV:61665", "SSV:61667"]}, {"type": "gentoo", "idList": ["GLSA-201502-04"]}], "modified": "2019-02-21T01:20:53"}, "score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72917);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n\n script_name(english:\"Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8735e662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mediawiki-1.21.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "72917", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:mediawiki"], "scheme": null}

{"cve": [{"lastseen": "2016-09-03T20:12:20", "bulletinFamily": "NVD", "description": "includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.", "modified": "2014-03-03T15:55:01", "published": "2014-03-01T23:57:25", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2243", "id": "CVE-2014-2243", "title": "CVE-2014-2243", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T20:12:21", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.", "modified": "2015-08-07T14:15:33", "published": "2014-03-01T23:57:25", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2244", "id": "CVE-2014-2244", "title": "CVE-2014-2244", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T20:12:19", "bulletinFamily": "NVD", "description": "includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.", "modified": "2016-04-04T13:41:59", "published": "2014-03-01T23:57:25", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2242", "id": "CVE-2014-2242", "title": "CVE-2014-2242", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-10-22T16:40:53", "bulletinFamily": "scanner", "description": "The host is installed with MediaWiki and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2014-03-04T00:00:00", "id": "OPENVAS:1361412562310804321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804321", "title": "Mediawiki Multiple Vulnerabilities-01 Mar14", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mediawiki_mult_vuln01_mar14.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Mediawiki Multiple Vulnerabilities-01 Mar14\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:mediawiki:mediawiki\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804321\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65910, 65883, 65906);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-04 10:37:52 +0530 (Tue, 04 Mar 2014)\");\n script_name(\"Mediawiki Multiple Vulnerabilities-01 Mar14\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with MediaWiki and is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP GET request and check whether it is possible\nto read the cookie or not.\");\n script_tag(name:\"insight\", value:\"The multiple flaws are due to an,\n\n - Input passed via 'text' parameter to 'api.php' is not properly sanitised\n before being returned to the user.\n\n - Input to 'includes/upload/UploadBase.php' script is not properly sanitised\n during the uploading of an SVG namespace.\n\n - Error in 'includes/User.php' script in 'theloadFromSession' function.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary HTML and\nscript code in a user's browser session in the context of an affected site\nand attacker can gain sensitive information.\");\n script_tag(name:\"affected\", value:\"Mediawiki version 1.19.x before 1.19.12, 1.20.x, 1.21.x\nbefore 1.21.6 and 1.22.x before 1.22.3\");\n script_tag(name:\"solution\", value:\"Upgrade to MediaWiki 1.19.12 or 1.21.6 or 1.22.3 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57184/\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2014/03/01/2\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_mediawiki_detect.nasl\");\n script_mandatory_keys(\"mediawiki/installed\");\n script_require_ports(\"Services/www\", 80);\n script_xref(name:\"URL\", value:\"http://www.mediawiki.org/wiki/MediaWiki\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\n\nif(!mwPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:mwPort)){\n exit(0);\n}\n\nurl= dir + \"/api.php?action=parse&text=api.php?http://onmouseover=alert%28\" +\n \"document.cookie%29//&title=Foo&prop=wikitext&format=jsonfm\";\n\nif(http_vuln_check(port:mwPort, url:url, check_header:TRUE,\n pattern:\">http.*onmouseover=alert\\(document.cookie\\)\",\n extra_check:make_list(\">MediaWiki API\")))\n{\n security_message(mwPort);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:48:44", "bulletinFamily": "scanner", "description": "Check for the Version of mediawiki", "modified": "2017-07-10T00:00:00", "published": "2014-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867562", "id": "OPENVAS:867562", "title": "Fedora Update for mediawiki FEDORA-2014-3344", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-3344\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867562);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:20:47 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3344\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\nFoundation websites. Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki-1.21.6/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3344\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:37:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:1361412562310867564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867564", "title": "Fedora Update for mediawiki FEDORA-2014-3338", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-3338\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867564\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:21:06 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\",\n \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3338\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3338\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129882.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:43", "bulletinFamily": "scanner", "description": "Check for the Version of mediawiki", "modified": "2017-07-10T00:00:00", "published": "2014-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867564", "id": "OPENVAS:867564", "title": "Fedora Update for mediawiki FEDORA-2014-3338", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-3338\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867564);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:21:06 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\",\n \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3338\");\n\n tag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\nFoundation websites. Compared to other wikis, it has an excellent\nrange of features and support for high-traffic websites using multiple\nservers\n\nThis package supports wiki farms. Read the instructions for creating wiki\ninstances under /usr/share/doc/mediawiki/README.RPM.\nRemember to remove the config dir after completing the configuration.\n\";\n\n tag_affected = \"mediawiki on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3338\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129882.html\");\n script_summary(\"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:37:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:1361412562310867562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867562", "title": "Fedora Update for mediawiki FEDORA-2014-3344", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2014-3344\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867562\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:20:47 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1610\", \"CVE-2013-6452\", \"CVE-2013-6451\", \"CVE-2013-6454\",\n \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mediawiki FEDORA-2014-3344\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3344\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129844.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.21.6~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:39:59", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201502-04", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121343", "title": "Gentoo Security Advisory GLSA 201502-04", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121343\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:28 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-04\");\n script_cve_id(\"CVE-2013-6451\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\", \"CVE-2014-2665\", \"CVE-2014-2853\", \"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\", \"CVE-2014-7199\", \"CVE-2014-7295\", \"CVE-2014-9276\", \"CVE-2014-9277\", \"CVE-2014-9475\", \"CVE-2014-9476\", \"CVE-2014-9477\", \"CVE-2014-9478\", \"CVE-2014-9479\", \"CVE-2014-9480\", \"CVE-2014-9481\", \"CVE-2014-9487\", \"CVE-2014-9507\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.23.8\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.22.15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.19.23\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(), vulnerable: make_list(\"lt 1.23.8\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:20:53", "bulletinFamily": "scanner", "description": "- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-3338.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72916", "published": "2014-03-11T00:00:00", "title": "Fedora 20 : mediawiki-1.21.6-1.fc20 (2014-3338)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3338.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72916);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n script_xref(name:\"FEDORA\", value:\"2014-3338\");\n\n script_name(english:\"Fedora 20 : mediawiki-1.21.6-1.fc20 (2014-3338)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - (bug 60771) SECURITY: Disallow uploading SVG files using\n non-whitelisted namespaces. Also disallow iframe\n elements. User will get an error including the namespace\n name if they use a non-whitelisted namespace.\n\n - (bug 61346) SECURITY: Make token comparison use\n constant time. It seems like our token comparison\n would be vulnerable to timing attacks. This will take\n constant time.\n\n - (bug 61362) SECURITY: API: Don't find links in the\n middle of api.php links.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129882.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2127436\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mediawiki-1.21.6-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:53", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities :\n\n - A cross-site scripting (XSS) vulnerability exists in the includes/upload/UploadBase.php script due to improper validation of user-supplied input during the uploading of an SVG namespace. This allows a remote attacker to create a specially crafted request to execute arbitrary script code in a user's browser session within the trust relationship between the browser and server.\n (CVE-2014-2242)\n\n - A flaw exists in the includes/User.php script in the theloadFromSession() function where the validation of user tokens is terminated upon encountering the first incorrect character. This allows a remote attacker to gain access to session tokens using a brute force timing attack. (CVE-2014-2243)\n\n - A cross-site scripting (XSS) vulnerability exists in the includes/api/ApiFormatBase.php script in the formatHTML() function due to improper validation of user-supplied input when handling links appended to api.php. This allows a context-dependent attacker to create a specially crafted request to execute arbitrary code in a user's browser session within the trust relationship between the browser and server.\n (CVE-2014-2244)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-11-28T00:00:00", "id": "MEDIAWIKI_1_19_12.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72878", "published": "2014-03-07T00:00:00", "title": "MediaWiki < 1.19.12 / 1.21.6 / 1.22.3 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72878);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65883, 65906, 65910);\n\n script_name(english:\"MediaWiki < 1.19.12 / 1.21.6 / 1.22.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of MediaWiki.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of\nMediaWiki running on the remote host is affected by the following\nvulnerabilities :\n\n - A cross-site scripting (XSS) vulnerability exists in the\n includes/upload/UploadBase.php script due to improper\n validation of user-supplied input during the uploading\n of an SVG namespace. This allows a remote attacker to\n create a specially crafted request to execute arbitrary\n script code in a user's browser session within the trust\n relationship between the browser and server.\n (CVE-2014-2242)\n\n - A flaw exists in the includes/User.php script in the\n theloadFromSession() function where the validation of\n user tokens is terminated upon encountering the first\n incorrect character. This allows a remote attacker to\n gain access to session tokens using a brute force timing\n attack. (CVE-2014-2243)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n includes/api/ApiFormatBase.php script in the\n formatHTML() function due to improper validation of\n user-supplied input when handling links appended to\n api.php. This allows a context-dependent attacker to\n create a specially crafted request to execute arbitrary\n code in a user's browser session within the trust\n relationship between the browser and server.\n (CVE-2014-2244)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?325d9a7e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.21\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.22\");\n script_set_attribute(attribute:\"see_also\", value:\"https://phabricator.wikimedia.org/T62771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://phabricator.wikimedia.org/T63346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://phabricator.wikimedia.org/T63362\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MediaWiki version 1.19.12 / 1.21.6 / 1.22.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/07\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mediawiki_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\nversion = install['version'];\ninstall_url = build_url(qs:install['path'], port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# Detecting for all previous versions.\nif (\n version =~ \"^1\\.19\\.([0-9]|1[01])([^0-9]|$)\" ||\n version =~ \"^1\\.21\\.[0-5]([^0-9]|$)\" ||\n version =~ \"^1\\.22\\.[0-2]([^0-9]|$)\"\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed versions : 1.19.12 / 1.21.6 / 1.22.3' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:54", "bulletinFamily": "scanner", "description": "Updated mediawiki packages fix multiple vulnerabilities :\n\nMediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS (CVE-2013-6451).\n\nChris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript (CVE-2013-6452).\n\nDuring internal review, it was discovered that MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid (CVE-2013-6453).\n\nDuring internal review, it was discovered that MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists (CVE-2013-6472).\n\nNetanel Rubin from Check Point discovered a remote code execution vulnerability in MediaWiki's thumbnail generation for DjVu files.\nInternal review also discovered similar logic in the PdfHandler extension, which could be exploited in a similar way (CVE-2014-1610).\n\nMediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files using non-whitelisted namespaces (CVE-2014-2242).\n\nMediaWiki before 1.22.3 performs token comparison that may be vulnerable to timing attacks. This was fixed by making token comparison use constant time (CVE-2014-2243).\n\nMediaWiki before 1.22.3 could allow an attacker to perform XSS attacks, due to flaw with link handling in api.php. This was fixed such that it won't find links in the middle of api.php links (CVE-2014-2244).\n\nMediaWiki has been updated to version 1.22.3, which fixes these issues, as well as several others.\n\nAlso, the mediawiki-ldapauthentication and mediawiki-math extensions have been updated to newer versions that are compatible with MediaWiki 1.22.\n\nAdditionally, the mediawiki-graphviz extension has been obsoleted, due to the fact that it is unmaintained upstream and is vulnerable to cross-site scripting attacks.\n\nNote: if you were using the instances feature in these packages to support multiple wiki instances, this feature has now been removed.\nYou will need to maintain separate wiki instances manually.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2014-057.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73004", "published": "2014-03-14T00:00:00", "title": "Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:057)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:057. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73004);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2013-6451\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\");\n script_bugtraq_id(65003, 65223, 65883, 65906, 65910);\n script_xref(name:\"MDVSA\", value:\"2014:057\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:057)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mediawiki packages fix multiple vulnerabilities :\n\nMediaWiki user Michael M reported that the fix for CVE-2013-4568\nallowed insertion of escaped CSS values which could pass the CSS\nvalidation checks, resulting in XSS (CVE-2013-6451).\n\nChris from RationalWiki reported that SVG files could be uploaded that\ninclude external stylesheets, which could lead to XSS when an XSL was\nused to include JavaScript (CVE-2013-6452).\n\nDuring internal review, it was discovered that MediaWiki's SVG\nsanitization could be bypassed when the XML was considered invalid\n(CVE-2013-6453).\n\nDuring internal review, it was discovered that MediaWiki displayed\nsome information about deleted pages in the log API, enhanced\nRecentChanges, and user watchlists (CVE-2013-6472).\n\nNetanel Rubin from Check Point discovered a remote code execution\nvulnerability in MediaWiki's thumbnail generation for DjVu files.\nInternal review also discovered similar logic in the PdfHandler\nextension, which could be exploited in a similar way (CVE-2014-1610).\n\nMediaWiki before 1.22.3 does not block unsafe namespaces, such as a\nW3C XHTML namespace, in uploaded SVG files. Some client software may\nuse these namespaces in a way that results in XSS. This was fixed by\ndisallowing uploading SVG files using non-whitelisted namespaces\n(CVE-2014-2242).\n\nMediaWiki before 1.22.3 performs token comparison that may be\nvulnerable to timing attacks. This was fixed by making token\ncomparison use constant time (CVE-2014-2243).\n\nMediaWiki before 1.22.3 could allow an attacker to perform XSS\nattacks, due to flaw with link handling in api.php. This was fixed\nsuch that it won't find links in the middle of api.php links\n(CVE-2014-2244).\n\nMediaWiki has been updated to version 1.22.3, which fixes these\nissues, as well as several others.\n\nAlso, the mediawiki-ldapauthentication and mediawiki-math extensions\nhave been updated to newer versions that are compatible with MediaWiki\n1.22.\n\nAdditionally, the mediawiki-graphviz extension has been obsoleted, due\nto the fact that it is unmaintained upstream and is vulnerable to\ncross-site scripting attacks.\n\nNote: if you were using the instances feature in these packages to\nsupport multiple wiki instances, this feature has now been removed.\nYou will need to maintain separate wiki instances manually.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0124.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-ldapauthentication\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-1.22.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-ldapauthentication-2.0f-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-mysql-1.22.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-pgsql-1.22.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-sqlite-1.22.3-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:28", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201502-04 (MediaWiki: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details.\n Impact :\n\n A remote attacker may be able to execute arbitrary code with the privileges of the process, create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2019-02-07T00:00:00", "id": "GENTOO_GLSA-201502-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81227", "published": "2015-02-09T00:00:00", "title": "GLSA-201502-04 : MediaWiki: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201502-04.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81227);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/02/07 9:34:55\");\n\n script_cve_id(\"CVE-2013-6451\", \"CVE-2013-6452\", \"CVE-2013-6453\", \"CVE-2013-6454\", \"CVE-2013-6472\", \"CVE-2014-1610\", \"CVE-2014-2242\", \"CVE-2014-2243\", \"CVE-2014-2244\", \"CVE-2014-2665\", \"CVE-2014-2853\", \"CVE-2014-5241\", \"CVE-2014-5242\", \"CVE-2014-5243\", \"CVE-2014-7199\", \"CVE-2014-7295\", \"CVE-2014-9276\", \"CVE-2014-9277\", \"CVE-2014-9475\", \"CVE-2014-9476\", \"CVE-2014-9477\", \"CVE-2014-9478\", \"CVE-2014-9479\", \"CVE-2014-9480\", \"CVE-2014-9481\", \"CVE-2014-9487\", \"CVE-2014-9507\");\n script_xref(name:\"GLSA\", value:\"201502-04\");\n\n script_name(english:\"GLSA-201502-04 : MediaWiki: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201502-04\n(MediaWiki: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MediaWiki. Please\n review the CVE identifiers and MediaWiki announcement referenced below\n for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process, create a Denial of Service condition, obtain\n sensitive information, bypass security restrictions, and inject arbitrary\n web script or HTML.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ef35312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201502-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MediaWiki 1.23 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.23.8'\n All MediaWiki 1.22 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.22.15'\n All MediaWiki 1.19 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.19.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"MediaWiki thumb.php page Parameter Remote Shell Command Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MediaWiki Thumb.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/mediawiki\", unaffected:make_list(\"ge 1.23.8\", \"rge 1.22.15\", \"rge 1.19.23\"), vulnerable:make_list(\"lt 1.23.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MediaWiki\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:057\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : mediawiki\r\n Date : March 13, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated mediawiki packages fix multiple vulnerabilities:\r\n \r\n MediaWiki user Michael M reported that the fix for CVE-2013-4568\r\n allowed insertion of escaped CSS values which could pass the CSS\r\n validation checks, resulting in XSS &#40;CVE-2013-6451&#41;.\r\n \r\n Chris from RationalWiki reported that SVG files could be uploaded\r\n that include external stylesheets, which could lead to XSS when an\r\n XSL was used to include JavaScript &#40;CVE-2013-6452&#41;.\r\n \r\n During internal review, it was discovered that MediaWiki&#039;s SVG\r\n sanitization could be bypassed when the XML was considered invalid\r\n &#40;CVE-2013-6453&#41;.\r\n \r\n During internal review, it was discovered that MediaWiki displayed some\r\n information about deleted pages in the log API, enhanced RecentChanges,\r\n and user watchlists &#40;CVE-2013-6472&#41;.\r\n \r\n Netanel Rubin from Check Point discovered a remote code execution\r\n vulnerability in MediaWiki&#039;s thumbnail generation for DjVu\r\n files. Internal review also discovered similar logic in the PdfHandler\r\n extension, which could be exploited in a similar way &#40;CVE-2014-1610&#41;.\r\n \r\n MediaWiki before 1.22.3 does not block unsafe namespaces, such as a\r\n W3C XHTML namespace, in uploaded SVG files. Some client software may\r\n use these namespaces in a way that results in XSS. This was fixed\r\n by disallowing uploading SVG files using non-whitelisted namespaces\r\n &#40;CVE-2014-2242&#41;.\r\n \r\n MediaWiki before 1.22.3 performs token comparison that may be\r\n vulnerable to timing attacks. This was fixed by making token\r\n comparison use constant time &#40;CVE-2014-2243&#41;.\r\n \r\n MediaWiki before 1.22.3 could allow an attacker to perform XSS attacks,\r\n due to flaw with link handling in api.php. This was fixed such that\r\n it won&#039;t find links in the middle of api.php links &#40;CVE-2014-2244&#41;.\r\n \r\n MediaWiki has been updated to version 1.22.3, which fixes these issues,\r\n as well as several others.\r\n \r\n Also, the mediawiki-ldapauthentication and mediawiki-math extensions\r\n have been updated to newer versions that are compatible with MediaWiki\r\n 1.22.\r\n \r\n Additionally, the mediawiki-graphviz extension has been obsoleted,\r\n due to the fact that it is unmaintained upstream and is vulnerable\r\n to cross-site scripting attacks.\r\n \r\n Note: if you were using the instances feature in these packages to\r\n support multiple wiki instances, this feature has now been removed.\r\n You will need to maintain separate wiki instances manually.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2244\r\n http://advisories.mageia.org/MGASA-2014-0113.html\r\n http://advisories.mageia.org/MGASA-2014-0124.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 0763c6b913556fd3d098e14e6711d4c9 mbs1/x86_64/mediawiki-1.22.3-1.mbs1.noarch.rpm\r\n 3f3d638b7a09dfc700a56f06a0e06629 mbs1/x86_64/mediawiki-ldapauthentication-2.0f-1.mbs1.noarch.rpm\r\n c1bdd7ff8e5ab29f74891cb4fa92bff0 mbs1/x86_64/mediawiki-mysql-1.22.3-1.mbs1.noarch.rpm\r\n 6cd761769b330e837612ed079816019f mbs1/x86_64/mediawiki-pgsql-1.22.3-1.mbs1.noarch.rpm\r\n e484574d3776723c87e46a832daf3c4a mbs1/x86_64/mediawiki-sqlite-1.22.3-1.mbs1.noarch.rpm \r\n 870886ea628aaac381b4ab4210e33ea0 mbs1/SRPMS/mediawiki-1.22.3-1.mbs1.src.rpm\r\n bfbd6cc7fb3ce82be5c01564c5bfddde mbs1/SRPMS/mediawiki-ldapauthentication-2.0f-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFTIZKGmqjQ0CJFipgRAjIFAKCLVeGKatrjL2G/cYBZKCkekZ+BrgCdGfjO\r\naivXRBBXbumCTNMTeujkTrc=\r\n=5vFM\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:DOC:30625", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30625", "title": "[ MDVSA-2014:057 ] mediawiki", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:VULN:13733", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13733", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:33:26", "bulletinFamily": "exploit", "description": "BUGTRAQ ID\uff1a65883 \r\nCVE ID\uff1aCVE-2014-2243 \r\n\r\nMediaWiki\u662f\u4e00\u6b3eWiki\u7a0b\u5e8f\u3002 \r\n\r\nMediaWiki\u7684includes/User.php\u811a\u672c'theloadFromSession'\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u66b4\u529b\u7834\u89e3\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4f1a\u8bdd\u4ee4\u724c\u7684\u8bbf\u95ee\u6743\u9650\u3002\n0\nMediaWiki Mediawiki &lt; 2.0.18\r\nMediaWiki Mediawiki &lt;= 1.19.11\r\nMediaWiki Mediawiki 1.20.x\r\nMediaWiki Mediawiki 1.21.x(&lt;1.21.6)\r\nMediaWiki Mediawiki 1.22.x(&lt;1.22.3\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMediaWiki\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\n \r\nhttp://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html", "modified": "2014-03-06T00:00:00", "published": "2014-03-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61666", "id": "SSV:61666", "type": "seebug", "title": "MediaWiki 'theloadFromSession'\u51fd\u6570\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T17:33:27", "bulletinFamily": "exploit", "description": "BUGTRAQ ID\uff1a65910 \r\nCVE ID\uff1aCVE-2014-2242 \r\n\r\nMediaWiki\u662f\u4e00\u6b3eWiki\u7a0b\u5e8f\u3002 \r\n\r\nMediaWiki 'includes/upload/UploadBase.php'\u811a\u672c\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9650\u5236SVG\u6587\u4ef6\u4f7f\u7528\u65e0\u6548\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4e0a\u4f20\u7279\u5236\u7684SVG\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\n0\nMediaWiki Mediawiki &lt;= 1.19.11\r\nMediaWiki Mediawiki 1.20.x\r\nMediaWiki Mediawiki 1.21.x(&lt;1.21.6)\r\nMediaWiki Mediawiki 1.22.x(&lt;1.22.3\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMediaWiki\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\n\r\nhttp://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html", "modified": "2014-03-06T00:00:00", "published": "2014-03-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61667", "id": "SSV:61667", "type": "seebug", "title": "MediaWiki 'includes/upload/UploadBase.php'\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T17:33:30", "bulletinFamily": "exploit", "description": "BUGTRAQ ID\uff1a65906 \r\nCVE ID\uff1aCVE-2014-2244 \r\n\r\nMediaWiki\u662f\u4e00\u6b3eWiki\u7a0b\u5e8f\u3002 \r\n\r\nMediaWiki\u4e2d\u7684includes/api/ApiFormatBase.php\u811a\u672c\u7684'formatHTML'\u51fd\u6570\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u8ffd\u52a0\u5230api.php\u811a\u672c\u7684\u94fe\u63a5\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\n0\nMediaWiki Mediawiki &lt; 2.0.18\r\nMediaWiki Mediawiki &lt;= 1.19.11\r\nMediaWiki Mediawiki 1.20.x\r\nMediaWiki Mediawiki 1.21.x(&lt;1.21.6)\r\nMediaWiki Mediawiki 1.22.x(&lt;1.22.3\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMediaWiki\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\n\r\nhttp://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html", "modified": "2014-03-06T00:00:00", "published": "2014-03-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61665", "id": "SSV:61665", "type": "seebug", "title": "MediaWiki 'formatHTML'\u51fd\u6570\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:30", "bulletinFamily": "unix", "description": "### Background\n\nMediaWiki is a collaborative editing software used by large projects such as Wikipedia. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the process, create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MediaWiki 1.23 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.23.8\"\n \n\nAll MediaWiki 1.22 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.22.15\"\n \n\nAll MediaWiki 1.19 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.19.23\"", "modified": "2015-02-07T00:00:00", "published": "2015-02-07T00:00:00", "id": "GLSA-201502-04", "href": "https://security.gentoo.org/glsa/201502-04", "type": "gentoo", "title": "MediaWiki: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}