Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310901109
HistoryApr 29, 2010 - 12:00 a.m.

MediaWiki < 1.15.3, 1.16.x < 1.16.0beta2 'Login' CSRF Vulnerability

2010-04-2900:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
18

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

MediaWiki is prone to a cross-site request forgery (CSRF)
vulnerability.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mediawiki:mediawiki";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.901109");
  script_version("2024-07-16T05:05:43+0000");
  script_cve_id("CVE-2010-1150");
  script_tag(name:"last_modification", value:"2024-07-16 05:05:43 +0000 (Tue, 16 Jul 2024)");
  script_tag(name:"creation_date", value:"2010-04-29 10:04:32 +0200 (Thu, 29 Apr 2010)");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_name("MediaWiki < 1.15.3, 1.16.x < 1.16.0beta2 'Login' CSRF Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_mediawiki_http_detect.nasl");
  script_mandatory_keys("mediawiki/detected");

  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=580418");
  script_xref(name:"URL", value:"https://bugzilla.wikimedia.org/show_bug.cgi?id=23076");

  script_tag(name:"summary", value:"MediaWiki is prone to a cross-site request forgery (CSRF)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw is caused by improper validation of authenticated but
  unintended login attempt that allows attacker to conduct phishing attacks.");

  script_tag(name:"impact", value:"Successful exploitation will let the attacker cause CSRF attack
  and gain sensitive information.");

  script_tag(name:"affected", value:"MediaWiki versions prior to 1.15.3 and 1.16.x prior to
  1.16.0beta2.");

  script_tag(name:"solution", value:"Update to version 1.15.3, 1.16.0beta2 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_is_less( version:vers, test_version:"1.15.3" ) ||
    version_in_range( version:vers, test_version:"1.16.0", test_version2:"1.16.0.beta1" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"1.15.3 or 1.16.0.beta2" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

debian 1
nessus 2
openvas 4
securityvulns 2
prion 1
cve 1
debiancve 1
freebsd 1
ubuntucve 1
cvelist 1
nvd 1
debian
debian
[SECURITY] [DSA-2041-1] New mediawiki packages fix cross-site request forgery
2010-05-04 00:25:46
nessus
nessus
FreeBSD : mediawiki -- authenticated CSRF vulnerability (694da5b4-5877-11df-8d80-0015587e2cc1)
2010-05-07 00:00:00
Debian DSA-2041-1 : mediawiki - Cross-Site Request Forgery
2010-05-05 00:00:00
openvas
openvas
MediaWiki < 1.15.3 CSRF Vulnerability
2010-04-12 00:00:00
Debian: Security Advisory (DSA-2041-1)
2023-03-08 00:00:00
FreeBSD Ports: mediawiki
2010-05-14 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-2041-1] New mediawiki packages fix cross-site request forgery
2010-05-04 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-05-04 00:00:00
prion
prion
Cross site request forgery (csrf)
2010-04-20 15:30:00
cve
cve
CVE-2010-1150
2010-04-20 15:30:00
debiancve
debiancve
CVE-2010-1150
2010-04-20 15:30:00
freebsd
freebsd
mediawiki -- authenticated CSRF vulnerability
2010-04-07 00:00:00
ubuntucve
ubuntucve
CVE-2010-1150
2010-04-20 00:00:00
cvelist
cvelist
CVE-2010-1150
2010-04-20 15:00:00
nvd
nvd
CVE-2010-1150
2010-04-20 15:30:00

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON
Related for OPENVAS:1361412562310901109
debian1nessus2openvas4securityvulns2prion1cve1debiancve1freebsd1ubuntucve1cvelist1nvd1