FreeBSD : mediawiki -- hardcoded placeholder string security bypass vulnerability (99015cf5-c4dd-11da-b2fb-000e0c2e438a)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The mediawiki development team reports a vulnerability within the
mediawiki application. The vulnerability is caused by improper
checking of inline style attributes. This could result in the
execution of arbitrary JavaScript code in Microsoft Internet Explorer.
It appears that other browsers are not affected by this vulnerability.

See also :

http://sourceforge.net/project/shownotes.php?release_id=379951
http://www.nessus.org/u?773fa0dd

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21482 (freebsd_pkg_99015cf5c4dd11dab2fb000e0c2e438a.nasl)

Bugtraq ID: 16032

CVE ID: CVE-2005-4501

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now