Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MEDIAWIKI_1_23_7.NASL
HistoryDec 19, 2014 - 12:00 a.m.

MediaWiki < 1.19.22 / 1.22.14 / 1.23.7 Multiple Vulnerabilities

2014-12-1900:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities :

  • An input validation error exists related to handling previews of wikitext that allows cross-site scripting attacks. (CVE-2014-9276)

  • An input validation error exists related to flash policy mangling, API clients, and ‘format=php’ that allows cross-site scripting. (CVE-2014-9277)

  • An error exists related to ‘content model’ editing that allows a remote, unprivileged attacker to modify a user’s ‘common.js’ file. (Bug 70901)

  • An error exists related to deleting an entry. The ‘DELETED_ACTION’ and the action ‘revdeleted’ allows information disclosure via log files. (Bug 72222)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80121);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2014-9276", "CVE-2014-9277");
  script_bugtraq_id(71473);

  script_name(english:"MediaWiki < 1.19.22 / 1.22.14 / 1.23.7 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the MediaWiki application running on
the remote host is affected by the following vulnerabilities :

  - An input validation error exists related to handling
    previews of wikitext that allows cross-site scripting
    attacks. (CVE-2014-9276)

  - An input validation error exists related to flash policy
    mangling, API clients, and 'format=php' that allows
    cross-site scripting. (CVE-2014-9277)

  - An error exists related to 'content model' editing that
    allows a remote, unprivileged attacker to modify a
    user's 'common.js' file. (Bug 70901)

  - An error exists related to deleting an entry. The
    'DELETED_ACTION' and the action 'revdeleted' allows
    information disclosure via log files. (Bug 72222)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7796737d");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.22");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.14");
  script_set_attribute(attribute:"see_also", value:"http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MediaWiki version 1.19.22 / 1.22.14 / 1.23.7 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9277");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/19");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mediawiki:mediawiki");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mediawiki_detect.nasl");
  script_require_keys("Settings/ParanoidReport", "installed_sw/MediaWiki", "www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "MediaWiki";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);
version = install['version'];
install_url = build_url(qs:install['path'], port:port);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

if (
  version =~ "^1\.19\.(\d|1\d|2[01])([^0-9]|$)" ||
  version =~ "^1\.22\.(\d|1[0-3])([^0-9]|$)"  ||
  version =~ "^1\.23\.[0-6]([^0-9]|$)"
)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + install_url +
      '\n  Installed version : ' + version +
      '\n  Fixed versions    : 1.19.22 / 1.22.14 / 1.23.7' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
VendorProductVersionCPE
mediawikimediawikicpe:/a:mediawiki:mediawiki

Related

mageia 1
nessus 4
openvas 4
securityvulns 2
ubuntucve 2
cve 2
debiancve 2
debian 2
prion 2
osv 1
gentoo 1
mageia
mageia
Updated mediawiki packages fix security vulnerabilies
2014-12-03 22:27:32
nessus
nessus
MediaWiki < 1.23.7 Multiple Vulnerabilities
2016-08-05 00:00:00
Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:241)
2014-12-15 00:00:00
Debian DSA-3100-1 : mediawiki - security update
2014-12-15 00:00:00
openvas
openvas
Debian Security Advisory DSA 3100-1 (mediawiki - security update)
2014-12-12 00:00:00
Debian Security Advisory DSA 3100-1 (mediawiki - security update)
2014-12-12 00:00:00
MediaWiki ExpandTemplates extension Multiple Vulnerabilities - Jan15
2015-01-23 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3100-1] mediawiki security update
2014-12-22 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-12-22 00:00:00
ubuntucve
ubuntucve
CVE-2014-9277
2015-01-04 00:00:00
CVE-2014-9276
2015-01-04 00:00:00
cve
cve
CVE-2014-9277
2015-01-04 21:59:00
CVE-2014-9276
2015-01-04 21:59:00
debiancve
debiancve
CVE-2014-9277
2015-01-04 21:59:00
CVE-2014-9276
2015-01-04 21:59:00
debian
debian
[SECURITY] [DSA 3100-1] mediawiki security update
2014-12-13 10:42:59
[SECURITY] [DSA 3100-1] mediawiki security update
2014-12-13 10:42:59
prion
prion
Cross site request forgery (csrf)
2015-01-04 21:59:00
Design/Logic Flaw
2015-01-04 21:59:00
osv
osv
mediawiki - security update
2014-12-12 00:00:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-02-07 00:00:00
JSON
Related for MEDIAWIKI_1_23_7.NASL
mageia1nessus4openvas4securityvulns2ubuntucve2cve2debiancve2debian2prion2osv1gentoo1