ID UB:CVE-2012-5391 Type ubuntucve Reporter ubuntu.com Modified 2014-06-02T00:00:00
Description
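Session fixation vulnerability in Special:UserLogin in MediaWiki before
1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote
attackers to hijack web sessions via the session_id.
The scanner records below give 1.18.6, 1.19.3 and 1.20.1 as the fixed
upstream releases; the Fedora package checks compare against
mediawiki-1.19.4-2 (Fedora 17 and 18) and mediawiki119-1.19.3-3 (Fedora 18).
The remote Nessus check (plugin 63267) relies only on the self-reported
MediaWiki version and reports only when paranoid reporting is enabled, so
confirm a finding against the installed version before acting on it.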
{"nessus": [{"lastseen": "2021-08-19T12:55:42", "description": "Bring mediawiki up to date to fix multiple bugs, security holes, and bring new features.\n\nThe package should automatically attempt to upgrade your wiki, but please make sure to perform backups before updating. Special care may be required for MySQL based wikis. See bug 845818.\n\nRead the main mediawiki website for Release Notes for 1.17, 1.18, and 1.19.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-22T00:00:00", "type": "nessus", "title": "Fedora 17 : mediawiki-1.19.4-2.fc17 (2013-3227)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-3227.NASL", "href": "https://www.tenable.com/plugins/nessus/65645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3227.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65645);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5391\");\n script_bugtraq_id(58019);\n script_xref(name:\"FEDORA\", value:\"2013-3227\");\n\n script_name(english:\"Fedora 17 : mediawiki-1.19.4-2.fc17 (2013-3227)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bring 
mediawiki up to date to fix multiple bugs, security holes, and\nbring new features.\n\nThe package should automatically attempt to upgrade your wiki, but\nplease make sure to perform backups before updating. Special care may\nbe required for MySQL based wikis. See bug 845818.\n\nRead the main mediawiki website for Release Notes for 1.17, 1.18, and\n1.19.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=882325\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11e9efba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"mediawiki-1.19.4-2.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:34", "description": "Bring mediawiki up to date to fix multiple bugs, security holes, and bring new features.\n\nThe package should automatically attempt to upgrade your wiki, but please make sure to perform backups before updating. Special care may be required for MySQL based wikis. 
See bug 845818.\n\nRead the main mediawiki website for Release Notes for 1.17, 1.18, and 1.19.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-22T00:00:00", "type": "nessus", "title": "Fedora 18 : mediawiki-1.19.4-2.fc18 (2013-3265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-3265.NASL", "href": "https://www.tenable.com/plugins/nessus/65646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3265.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65646);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5391\");\n script_bugtraq_id(58019);\n script_xref(name:\"FEDORA\", value:\"2013-3265\");\n\n script_name(english:\"Fedora 18 : mediawiki-1.19.4-2.fc18 (2013-3265)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bring mediawiki up to date to fix multiple bugs, security holes, and\nbring new features.\n\nThe package should automatically attempt to upgrade your wiki, but\nplease make sure to perform backups before updating. Special care may\nbe required for MySQL based wikis. 
See bug 845818.\n\nRead the main mediawiki website for Release Notes for 1.17, 1.18, and\n1.19.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=882325\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49f58b5b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mediawiki-1.19.4-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:55", "description": "Rebase to version 1.19.3.\n\nFixes CVE-2012-5391 amongst other bugfixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-02-19T00:00:00", "type": "nessus", "title": "Fedora 18 : mediawiki119-1.19.3-3.fc18 (2013-2090)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mediawiki119", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-2090.NASL", "href": "https://www.tenable.com/plugins/nessus/64674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2090.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64674);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5391\");\n script_xref(name:\"FEDORA\", value:\"2013-2090\");\n\n script_name(english:\"Fedora 18 : mediawiki119-1.19.3-3.fc18 (2013-2090)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to version 1.19.3.\n\nFixes CVE-2012-5391 amongst other bugfixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=885016\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f7b20a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mediawiki119 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mediawiki119\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mediawiki119-1.19.3-3.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mediawiki119\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:14:31", "description": "According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities :\n\n - MediaWiki core is vulnerable to session fixation attacks that allow an attacker to compromise another user's account. (CVE-2012-5391)\n\n - The MediaWiki CentralAuth Extension is vulnerable to session fixation attacks. 
(CVE-2012-5395)\n\n - An API feature in version 1.20 allows for HTML code to be injected in the 'editfont' option, resulting in cross-site scripting (XSS).\n\n - A PCRE backtrack limit can be exceeded causing history pages to fail to display.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2012-12-14T00:00:00", "type": "nessus", "title": "MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391", "CVE-2012-5395"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki"], "id": "MEDIAWIKI_1_18_6.NASL", "href": "https://www.tenable.com/plugins/nessus/63267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63267);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2012-5391\", \"CVE-2012-5395\");\n script_bugtraq_id(56714, 58019, 68235);\n\n script_name(english:\"MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of MediaWiki running on\nthe remote host is affected by multiple security vulnerabilities :\n\n - MediaWiki core is vulnerable to session fixation attacks\n that allow an attacker to compromise another user's\n account. (CVE-2012-5391)\n\n - The MediaWiki CentralAuth Extension is vulnerable to\n session fixation attacks. 
(CVE-2012-5395)\n\n - An API feature in version 1.20 allows for HTML code to\n be injected in the 'editfont' option, resulting in\n cross-site scripting (XSS).\n\n - A PCRE backtrack limit can be exceeded causing history\n pages to fail to display.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cba6a61e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.18#MediaWiki_1.18.6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MediaWiki version 1.18.6 / 1.19.3 / 1.20.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n 
script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mediawiki_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\nversion = install['version'];\ninstall_url = build_url(qs:install['path'], port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n (version =~ \"^1\\.([0-9]|1[0-7])\\.\") ||\n (version =~ \"^1\\.18\\.([0-5]([^0-9]|$)|6[^0-9])\") ||\n (version =~ \"^1\\.19\\.([0-2]([^0-9]|$)|3[^0-9])\") ||\n (version =~ \"^1\\.20\\.(0([^0-9]|$)|1[^0-9])\")\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed versions : 1.18.6 / 1.19.3 / 1.20.1' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-22T13:09:47", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2013-03-22T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2013-3265", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": 
"2018-01-22T00:00:00", "id": "OPENVAS:865486", "href": "http://plugins.openvas.org/nasl.php?oid=865486", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2013-3265\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\n Foundation websites. Compared to other wikis, it has an excellent\n range of features and support for high-traffic websites using multiple\n servers\n\n This package supports wiki farms. 
Read the instructions for creating wiki\n instances under /usr/share/doc/mediawiki-1.19.4/README.RPM.\n Remember to remove the config dir after completing the configuration.\";\n\n\ntag_affected = \"mediawiki on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html\");\n script_id(865486);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:37:09 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-5391\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-3265\");\n script_name(\"Fedora Update for mediawiki FEDORA-2013-3265\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.19.4~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not 
vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:09:44", "description": "Check for the Version of mediawiki", "cvss3": {}, "published": "2013-03-22T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2013-3227", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:865491", "href": "http://plugins.openvas.org/nasl.php?oid=865491", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2013-3227\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\n Foundation websites. Compared to other wikis, it has an excellent\n range of features and support for high-traffic websites using multiple\n servers\n\n This package supports wiki farms. 
Read the instructions for creating\n wiki instances under /usr/share/doc/mediawiki-1.19.4/README.RPM.\n Remember to remove the config dir after completing the configuration.\";\n\n\ntag_affected = \"mediawiki on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html\");\n script_id(865491);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:39:51 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-5391\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-3227\");\n script_name(\"Fedora Update for mediawiki FEDORA-2013-3227\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mediawiki\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.19.4~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not 
vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:19", "description": "The remote host is missing an update for the 'mediawiki' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-03-22T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2013-3265", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865486", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2013-3265\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865486\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:37:09 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-5391\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-3265\");\n script_name(\"Fedora Update for mediawiki FEDORA-2013-3265\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.19.4~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki119 FEDORA-2013-2090", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865380", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki119 FEDORA-2013-2090\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865380\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:00:09 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-5391\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-2090\");\n script_name(\"Fedora Update for mediawiki119 FEDORA-2013-2090\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki119'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"mediawiki119 on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"mediawiki119\", rpm:\"mediawiki119~1.19.3~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-24T11:09:22", "description": "Check for the Version of mediawiki119", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki119 FEDORA-2013-2090", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:865380", "href": "http://plugins.openvas.org/nasl.php?oid=865380", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki119 FEDORA-2013-2090\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mediawiki119 on Fedora 18\";\ntag_insight = \"MediaWiki is the software used for Wikipedia and the other Wikimedia\n Foundation websites. 
Compared to other wikis, it has an excellent\n range of features and support for high-traffic websites using multiple\n servers\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html\");\n script_id(865380);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:00:09 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-5391\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-2090\");\n script_name(\"Fedora Update for mediawiki119 FEDORA-2013-2090\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mediawiki119\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"mediawiki119\", rpm:\"mediawiki119~1.19.3~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-22T00:00:00", "type": "openvas", "title": "Fedora Update for mediawiki FEDORA-2013-3227", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865491", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865491", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mediawiki FEDORA-2013-3227\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865491\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:39:51 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-5391\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-3227\");\n script_name(\"Fedora Update for mediawiki FEDORA-2013-3227\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mediawiki'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mediawiki on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.19.4~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.19.4/README.RPM. Remember to remove the config dir after completing the configuration. ", "edition": 2, "cvss3": {}, "published": "2013-03-22T00:47:24", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mediawiki-1.19.4-2.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5391"], "modified": "2013-03-22T00:47:24", "id": "FEDORA:2A65121AA3", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.19.4/README.RPM. 
Remember to remove the config dir after completing the configuration. ", "edition": 2, "cvss3": {}, "published": "2013-03-22T00:45:33", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mediawiki-1.19.4-2.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5391"], "modified": "2013-03-22T00:45:33", "id": "FEDORA:2D03221A1B", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. 
Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers ", "edition": 2, "cvss3": {}, "published": "2013-02-19T01:34:22", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mediawiki119-1.19.3-3.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5391"], "modified": "2013-02-19T01:34:22", "id": "FEDORA:E9AD5211BB", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-04-04T14:21:56", "description": "Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.", "cvss3": {}, "published": "2014-06-02T15:55:00", "type": "debiancve", "title": "CVE-2012-5391", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5391"], "modified": "2014-06-02T15:55:00", "id": "DEBIANCVE:CVE-2012-5391", "href": "https://security-tracker.debian.org/tracker/CVE-2012-5391", "cvss": 
{"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:45:07", "description": "BUGTRAQ ID: 58019\r\nCVE(CAN) ID: CVE-2012-5391\r\n\r\nMediaWiki\u662f\u8457\u540d\u7684wiki\u7a0b\u5e8f\uff0c\u8fd0\u884c\u4e8ePHP+MySQL\u73af\u5883\u3002\r\n\r\nMediaWiki 1.20\u53ca\u5176\u4ed6\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u4f1a\u8bdd\u56fa\u5b9a\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u52ab\u6301\u4efb\u610f\u4f1a\u8bdd\uff0c\u83b7\u53d6\u672a\u6388\u6743\u8bbf\u95ee\u6743\u9650\u7b49\u3002\r\n0\r\nMediaWiki 1.20\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMediaWiki\r\n---------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://wikipedia.sourceforge.net/", "cvss3": {}, "published": "2013-02-22T00:00:00", "title": "MediaWiki \u4f1a\u8bdd\u56fa\u5b9a\u6f0f\u6d1e(CVE-2012-5391)", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-5391"], "modified": "2013-02-22T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60640", "id": "SSV:60640", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T13:15:07", "description": "Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.", "cvss3": {}, "published": "2014-06-02T15:55:00", "type": "cve", "title": "CVE-2012-5391", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5391"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:mediawiki:mediawiki:1.19", "cpe:/a:mediawiki:mediawiki:1.18.1", "cpe:/a:mediawiki:mediawiki:1.19.1", "cpe:/a:mediawiki:mediawiki:1.18.5", "cpe:/a:mediawiki:mediawiki:1.19.2", "cpe:/a:mediawiki:mediawiki:1.20", "cpe:/a:mediawiki:mediawiki:1.18.3", "cpe:/a:mediawiki:mediawiki:1.18.0", "cpe:/a:mediawiki:mediawiki:1.18", "cpe:/a:mediawiki:mediawiki:1.18.2", "cpe:/a:mediawiki:mediawiki:1.18.4"], "id": "CVE-2012-5391", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5391", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.5:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.4:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*"]}]}