Lucene search
GoogleOSV:DSA-3100-1HistoryDec 12, 2014 - 12:00 a.m.
mediawiki - security update
2014-12-1200:00:00
Google
osv.dev
7
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy
mangling allows an article editor to inject code into API consumers
that deserialize PHP representations of the page from the API.
For the stable distribution (wheezy), this problem has been fixed in
version 1:1.19.20+dfsg-0+deb7u2.
We recommend that you upgrade your mediawiki packages.
References
Related
debian
debian
[SECURITY] [DSA 3100-1] mediawiki security update
2014-12-13 10:42:59
[SECURITY] [DSA 3100-1] mediawiki security update
2014-12-13 10:42:59
prion
prion
Design/Logic Flaw
2015-01-04 21:59:00
securityvulns
securityvulns
[SECURITY] [DSA 3100-1] mediawiki security update
2014-12-22 00:00:00
openvas
openvas
Debian Security Advisory DSA 3100-1 (mediawiki - security update)
2014-12-12 00:00:00
Debian: Security Advisory (DSA-3100-1)
2014-12-11 00:00:00
Mageia: Security Advisory (MGASA-2014-0506)
2022-01-28 00:00:00
cve
cve
CVE-2014-9277
2015-01-04 21:59:00
ubuntucve
ubuntucve
CVE-2014-9277
2015-01-04 00:00:00
nessus
nessus
Debian DSA-3100-1 : mediawiki - security update
2014-12-15 00:00:00
MediaWiki < 1.19.22 / 1.22.14 / 1.23.7 Multiple Vulnerabilities
2014-12-19 00:00:00
MediaWiki < 1.23.7 Multiple Vulnerabilities
2016-08-05 00:00:00
debiancve
debiancve
CVE-2014-9277
2015-01-04 21:59:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilies
2014-12-03 22:27:32
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-02-07 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for OSV:DSA-3100-1