Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MEDIAWIKI_1_27_1.NASL
HistoryAug 29, 2016 - 12:00 a.m.

MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities

2016-08-2900:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
39
JSON

According to its version number, the MediaWiki application running on the remote web server is 1.23.x prior to 1.23.15, 1.26.x prior to 1.26.4, or 1.27.x prior to 1.27.1. It is, therefore, affected by the following vulnerabilities :

  • An information disclosure vulnerability exists in the ApiParse.php script due to improper checking of read permissions when loading page content. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2016-6331)

  • A security bypass vulnerability exists due to a failure to timeout a user’s session after it has been blocked.
    An authenticated, remote attacker can exploit this to bypass block features. (CVE-2016-6332)

  • A cross-site request forgery vulnerability (XSRF) exists in the OutputPage.php script due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to perform arbitrary edits to CSS content. (CVE-2016-6333)

  • A cross-site scripting (XSS) vulnerability exists in the Html.php script due to improper validation of user-supplied input when handling improper inline style blocks via the CSS user subpage preview feature. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user’s browser session. (CVE-2016-6333)

  • A cross-site scripting (XSS) vulnerability exists in the Parser.php script due to improper validation of input to unclosed internal links. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user’s browser session. (CVE-2016-6334)

  • A flaw exists in the ApiParse.php script due to head items not being properly generated in the context of a title. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-6335)

  • A flaw exists in the LocalFile.php script that allows an authenticated, remote attacker to bypass suppressed viewing restrictions by deleting a file and then undeleting a specific revision of it. (CVE-2016-6336)

  • A security bypass vulnerability exists in the User.php script due to improper handling of extension hook functions. An unauthenticated, remote attacker can exploit this to bypass permission restrictions. Note that this vulnerability affects 1.27.x only.
    (CVE-2016-6337)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93195);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2016-6331",
    "CVE-2016-6332",
    "CVE-2016-6333",
    "CVE-2016-6334",
    "CVE-2016-6335",
    "CVE-2016-6336",
    "CVE-2016-6337"
  );

  script_name(english:"MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the MediaWiki application running on
the remote web server is 1.23.x prior to 1.23.15, 1.26.x prior to
1.26.4, or 1.27.x prior to 1.27.1. It is, therefore, affected by the
following vulnerabilities :

  - An information disclosure vulnerability exists in the
    ApiParse.php script due to improper checking of read
    permissions when loading page content. An
    unauthenticated, remote attacker can exploit this to
    disclose sensitive information. (CVE-2016-6331)

  - A security bypass vulnerability exists due to a failure
    to timeout a user's session after it has been blocked.
    An authenticated, remote attacker can exploit this to
    bypass block features. (CVE-2016-6332)

  - A cross-site request forgery vulnerability (XSRF) exists
    in the OutputPage.php script due to a failure to require
    multiple steps, explicit confirmation, or a unique token
    when performing certain sensitive actions. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to follow a specially crafted link, to
    perform arbitrary edits to CSS content. (CVE-2016-6333)

  - A cross-site scripting (XSS) vulnerability exists in the
    Html.php script due to improper validation of
    user-supplied input when handling improper inline style
    blocks via the CSS user subpage preview feature. An
    unauthenticated, remote attacker can exploit this, via a
    specially crafted request, to execute arbitrary script
    code in a user's browser session. (CVE-2016-6333)

  - A cross-site scripting (XSS) vulnerability exists in the
    Parser.php script due to improper validation of input to
    unclosed internal links. An unauthenticated, remote
    attacker can exploit this, via a specially crafted
    request, to execute arbitrary script code in a user's
    browser session. (CVE-2016-6334)

  - A flaw exists in the ApiParse.php script due to head
    items not being properly generated in the context of a
    title. An unauthenticated, remote attacker can exploit
    this to have an unspecified impact. (CVE-2016-6335)

  - A flaw exists in the LocalFile.php script that allows an
    authenticated, remote attacker to bypass suppressed
    viewing restrictions by deleting a file and then
    undeleting a specific revision of it. (CVE-2016-6336)

  - A security bypass vulnerability exists in the User.php
    script due to improper handling of extension hook
    functions. An unauthenticated, remote attacker can
    exploit this to bypass permission restrictions. Note
    that this vulnerability affects 1.27.x only.
    (CVE-2016-6337)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8b9ed785");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.15");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.26#MediaWiki_1.26.4");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.27#MediaWiki_1.27.1");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MediaWiki version 1.23.15 / 1.26.4 / 1.27.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:X");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6337");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mediawiki:mediawiki");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mediawiki_detect.nasl");
  script_require_keys("Settings/ParanoidReport", "installed_sw/MediaWiki");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = "MediaWiki";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

version = install['version'];
install_url = build_url(qs:install['path'], port:port);

if (
  version =~ "^1\.23\.([0-9]|1[0-4])([^0-9]|$)" ||
  version =~ "^1\.26\.[0-3]([^0-9]|$)" ||
  version =~ "^1\.27\.0([^0-9]|$)"
)
{
  report =
    '\n  URL               : ' + install_url +
    '\n  Installed version : ' + version +
    '\n  Fixed versions    : 1.23.15 / 1.26.4 / 1.27.1' + '\n';
  security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, xss:TRUE, xsrf:TRUE);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
VendorProductVersionCPE
mediawikimediawikicpe:/a:mediawiki:mediawiki

Related

archlinux 1
openvas 6
mageia 1
fedora 3
ubuntucve 7
nessus 3
debiancve 7
prion 7
cve 7
osv 7
archlinux
archlinux
mediawiki: multiple issues
2016-08-26 00:00:00
openvas
openvas
MediaWiki Multiple Vulnerabilities (Aug 2016) - Linux
2017-04-21 00:00:00
MediaWiki Multiple Vulnerabilities (Aug 2016) - Windows
2017-04-21 00:00:00
Mageia: Security Advisory (MGASA-2016-0305)
2022-01-28 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2016-09-16 12:27:13
fedora
fedora
[SECURITY] Fedora 23 Update: mediawiki-1.26.4-1.fc23
2016-09-07 01:51:51
[SECURITY] Fedora 25 Update: mediawiki-1.27.1-1.fc25
2016-09-06 18:37:55
[SECURITY] Fedora 24 Update: mediawiki-1.26.4-1.fc24
2016-09-06 22:27:55
ubuntucve
ubuntucve
CVE-2016-6331
2017-04-20 00:00:00
CVE-2016-6333
2017-04-20 00:00:00
CVE-2016-6334
2017-04-20 00:00:00
nessus
nessus
Fedora 24 : mediawiki (2016-af3b0af887)
2016-09-08 00:00:00
Fedora 23 : mediawiki (2016-ce1678471e)
2016-09-08 00:00:00
Fedora 25 : mediawiki (2016-9299ce1c7d)
2016-11-15 00:00:00
debiancve
debiancve
CVE-2016-6331
2017-04-20 17:59:00
CVE-2016-6334
2017-04-20 17:59:00
CVE-2016-6336
2017-04-20 17:59:00
prion
prion
Cross site scripting
2017-04-20 17:59:00
Design/Logic Flaw
2017-04-20 17:59:00
Cross site scripting
2017-04-20 17:59:00
cve
cve
CVE-2016-6334
2017-04-20 17:59:00
CVE-2016-6333
2017-04-20 17:59:00
CVE-2016-6331
2017-04-20 17:59:00
osv
osv
CVE-2016-6334
2017-04-20 17:59:00
CVE-2016-6337
2017-04-20 17:59:00
CVE-2016-6331
2017-04-20 17:59:00
JSON
Related for MEDIAWIKI_1_27_1.NASL
archlinux1openvas6mageia1fedora3ubuntucve7nessus3debiancve7prion7cve7osv7