Lucene search

K

[email protected]NVD:CVE-2014-1610

HistoryJan 30, 2014 - 11:55 p.m.

CVE-2014-1610

2014-01-3023:55:02

CWE-20

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

Affected configurations

NVD

Node

mediawikimediawikiMatch1.19.0

OR

mediawikimediawikiMatch1.19.1

OR

mediawikimediawikiMatch1.19.2

OR

mediawikimediawikiMatch1.19.3

OR

mediawikimediawikiMatch1.19.4

OR

mediawikimediawikiMatch1.19.5

OR

mediawikimediawikiMatch1.19.6

OR

mediawikimediawikiMatch1.19.7

OR

mediawikimediawikiMatch1.19.8

OR

mediawikimediawikiMatch1.19.9

OR

mediawikimediawikiMatch1.19.10

OR

mediawikimediawikiMatch1.21.1

OR

mediawikimediawikiMatch1.21.2

OR

mediawikimediawikiMatch1.21.3

OR

mediawikimediawikiMatch1.21.4

OR

mediawikimediawikiMatch1.22.0

OR

mediawikimediawikiMatch1.22.1

References

lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html

lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html

osvdb.org/102630

secunia.com/advisories/56695

secunia.com/advisories/57472

www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html

www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html

www.debian.org/security/2014/dsa-2891

www.exploit-db.com/exploits/31329/

www.osvdb.org/102631

www.securityfocus.com/bid/65223

www.securitytracker.com/id/1029707

bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff

bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff

bugzilla.wikimedia.org/show_bug.cgi?id=60339

gerrit.wikimedia.org/r/#/c/110069/

gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php

gerrit.wikimedia.org/r/#/c/110215/

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

Related for NVD:CVE-2014-1610

nessus7 zdt3 packetstorm2 prion1 cvelist1 seebug2 cve1 debiancve1 metasploit1 exploitpack1 ubuntucve1 checkpoint_advisories1 thn1 dsquare1 exploitdb2 openvas31 fedora23 mageia1 securityvulns2 debian3 osv1 gentoo1