FreeBSD : mediawiki -- multiple vulnerabilities (b50f53ce-2151-11e6-8dd3-002590263bf5)

high Nessus Plugin ID 91304

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

MediaWiki reports :

Security fixes :

T122056: Old tokens are remaining valid within a new session

T127114: Login throttle can be tricked using non-canonicalized usernames

T123653: Cross-domain policy regexp is too narrow

T123071: Incorrectly identifying http link in a's href attributes, due to m modifier in regex

T129506: MediaWiki:Gadget-popups.js isn't renderable

T125283: Users occasionally logged in as different users after SessionManager deployment

T103239: Patrol allows click catching and patrolling of any page

T122807: [tracking] Check php crypto primatives

T98313: Graphs can leak tokens, leading to CSRF

T130947: Diff generation should use PoolCounter

T133507: Careless use of $wgExternalLinkTarget is insecure

T132874: API action=move is not rate limited

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?937cb355

http://www.nessus.org/u?3fd7a84c

Plugin Details

Severity: High

ID: 91304

File Name: freebsd_pkg_b50f53ce215111e68dd3002590263bf5.nasl

Version: 2.3

Type: local

Published: 5/24/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mediawiki123, p-cpe:/a:freebsd:freebsd:mediawiki124, p-cpe:/a:freebsd:freebsd:mediawiki125, p-cpe:/a:freebsd:freebsd:mediawiki126, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/24/2016

Vulnerability Publication Date: 5/20/2016