Detections
Analytics
Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)
medium Nessus Plugin ID 71510
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Updated mediawiki packages fix security vulnerabilities :Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568).
Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users (CVE-2013-4572).
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 71510
File Name: mandriva_MDVSA-2013-290.nasl
Version: 1.7
Type: local
Family: Mandriva Local Security Checks
Published: 12/18/2013
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:mediawiki, p-cpe:/a:mandriva:linux:mediawiki-mysql, p-cpe:/a:mandriva:linux:mediawiki-pgsql, p-cpe:/a:mandriva:linux:mediawiki-sqlite, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/17/2013
Reference Information
CVE: CVE-2013-4567, CVE-2013-4568, CVE-2013-4572
MDVSA: 2013:290