Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2015-122A831A05.NASL
HistoryJul 14, 2016 - 12:00 a.m.

Fedora 22 : mediawiki (2015-122a831a05)

2016-07-1400:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

  • (T94116) SECURITY: Compare API watchlist token in constant time

    • (T97391) SECURITY: Escape error message strings in thumb.php

    • (T106893) SECURITY: Don’t leak autoblocked IP addresses on Special:DeletedContributions

    • (T102562) Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia Commons.

    • (T100767) Setting a configuration setting for skin or extension to false in LocalSettings.php was not working.

    • (T100635) API action=opensearch json output no longer breaks when $wgDebugToolbar is enabled.

    • (T102522) Using an extension.json or skin.json file which has a ‘manifest_version’ property for 1.26 compatability will no longer trigger warnings.

    • (T86156) Running updateSearchIndex.php will not throw an error as page_restrictions has been added to the locked table list.

    • Special:Version would throw notices if using SVN due to an incorrectly named variable. Add an additional check that an index is defined.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2015-122a831a05.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(92047);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-7444");
  script_xref(name:"FEDORA", value:"2015-122a831a05");

  script_name(english:"Fedora 22 : mediawiki (2015-122a831a05)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - (T94116) SECURITY: Compare API watchlist token in
    constant time

  - (T97391) SECURITY: Escape error message strings in
    thumb.php

  - (T106893) SECURITY: Don't leak autoblocked IP addresses
    on Special:DeletedContributions

  - (T102562) Fix InstantCommons parameters to handle the
    new HTTPS-only policy of Wikimedia Commons.

  - (T100767) Setting a configuration setting for skin or
    extension to false in LocalSettings.php was not working.

  - (T100635) API action=opensearch json output no longer
    breaks when $wgDebugToolbar is enabled.

  - (T102522) Using an extension.json or skin.json file
    which has a 'manifest_version' property for 1.26
    compatability will no longer trigger warnings.

  - (T86156) Running updateSearchIndex.php will not throw an
    error as page_restrictions has been added to the locked
    table list.

  - Special:Version would throw notices if using SVN due to
    an incorrectly named variable. Add an additional check
    that an index is defined.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2015-122a831a05"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mediawiki package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC22", reference:"mediawiki-1.25.2-2.fc22")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
}
VendorProductVersionCPE
fedoraprojectfedoramediawikip-cpe:/a:fedoraproject:fedora:mediawiki
fedoraprojectfedora22cpe:/o:fedoraproject:fedora:22

Related

cve 1
debiancve 1
prion 1
ubuntucve 1
nessus 3
openvas 2
fedora 3
freebsd 1
cve
cve
CVE-2013-7444
2015-09-01 14:59:00
debiancve
debiancve
CVE-2013-7444
2015-09-01 14:59:00
prion
prion
Code injection
2015-09-01 14:59:00
ubuntucve
ubuntucve
CVE-2013-7444
2015-09-01 00:00:00
nessus
nessus
MediaWiki < 1.19.20 / 1.22.12 / 1.23.5 Multiple Vulnerabilities
2016-08-05 00:00:00
FreeBSD : mediawiki -- multiple vulnerabilities (6241b5df-42a1-11e5-93ad-002590263bf5)
2015-08-17 00:00:00
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
2015-08-31 00:00:00
openvas
openvas
MediaWiki Multiple Vulnerabilities (Sep 2015) - Windows
2017-03-09 00:00:00
MediaWiki Multiple Vulnerabilities (Sep 2015) - Linux
2017-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: mediawiki-1.25.2-2.fc23
2015-08-28 17:38:31
[SECURITY] Fedora 22 Update: mediawiki-1.25.2-2.fc22
2015-09-03 18:53:15
[SECURITY] Fedora 21 Update: mediawiki-1.24.3-1.fc21
2015-09-03 18:52:14
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2015-08-10 00:00:00
JSON
Related for FEDORA_2015-122A831A05.NASL
cve1debiancve1prion1ubuntucve1nessus3openvas2fedora3freebsd1