Lucene search

[email protected]NVD:CVE-2014-5243

HistoryAug 22, 2014 - 5:55 p.m.

CVE-2014-5243

2014-08-2217:55:02

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Affected configurations

NVD

Node

mediawikimediawikiRange≤1.19.17

mediawikimediawikiMatch1.19

mediawikimediawikiMatch1.19beta_1

mediawikimediawikiMatch1.19beta_2

mediawikimediawikiMatch1.19.0

mediawikimediawikiMatch1.19.1

mediawikimediawikiMatch1.19.2

mediawikimediawikiMatch1.19.3

mediawikimediawikiMatch1.19.4

mediawikimediawikiMatch1.19.5

mediawikimediawikiMatch1.19.6

mediawikimediawikiMatch1.19.7

mediawikimediawikiMatch1.19.8

mediawikimediawikiMatch1.19.9

mediawikimediawikiMatch1.19.10

mediawikimediawikiMatch1.19.11

mediawikimediawikiMatch1.19.12

mediawikimediawikiMatch1.19.13

mediawikimediawikiMatch1.19.14

mediawikimediawikiMatch1.19.15

mediawikimediawikiMatch1.19.16

mediawikimediawikiMatch1.20.1

mediawikimediawikiMatch1.20.2

mediawikimediawikiMatch1.20.3

mediawikimediawikiMatch1.20.4

mediawikimediawikiMatch1.20.5

mediawikimediawikiMatch1.20.6

mediawikimediawikiMatch1.20.7

mediawikimediawikiMatch1.20.8

mediawikimediawikiMatch1.21.1

mediawikimediawikiMatch1.21.2

mediawikimediawikiMatch1.21.3

mediawikimediawikiMatch1.21.4

mediawikimediawikiMatch1.21.5

mediawikimediawikiMatch1.21.6

mediawikimediawikiMatch1.21.7

mediawikimediawikiMatch1.21.8

mediawikimediawikiMatch1.21.9

mediawikimediawikiMatch1.21.10

mediawikimediawikiMatch1.22.0

mediawikimediawikiMatch1.22.1

mediawikimediawikiMatch1.22.2

mediawikimediawikiMatch1.22.3

mediawikimediawikiMatch1.22.4

mediawikimediawikiMatch1.22.5

mediawikimediawikiMatch1.22.6

mediawikimediawikiMatch1.22.7

mediawikimediawikiMatch1.22.8

mediawikimediawikiMatch1.23.0

mediawikimediawikiMatch1.23.1

References

advisories.mageia.org/MGASA-2014-0309.html

openwall.com/lists/oss-security/2014/08/14/5

secunia.com/advisories/59738

www.debian.org/security/2014/dsa-3011

www.mandriva.com/security/advisories?name=MDVSA-2014:153

bugzilla.wikimedia.org/show_bug.cgi?id=65778

lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for NVD:CVE-2014-5243

ubuntucve1 prion1 cvelist1 cve1 debiancve1 openvas6 osv1 debian2 nessus5 securityvulns2 mageia1 fedora2 gentoo1