FreeBSD : mediawiki -- two security vulnerabilities (fc55e396-6deb-11df-8b8e-000c29ba66d2)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Two security vulnerabilities were discovered :

Noncompliant CSS parsing behaviour in Internet Explorer allows
attackers to construct CSS strings which are treated as safe by
previous versions of MediaWiki, but are decoded to unsafe strings by
Internet Explorer.

A CSRF vulnerability was discovered in our login interface. Although
regular logins are protected as of 1.15.3, it was discovered that the
account creation and password reset reset features were not protected
from CSRF. This could lead to unauthorised access to private wikis.

See also :

http://www.nessus.org/u?0bb6e7a5
http://www.nessus.org/u?c0cefc51

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 46767 (freebsd_pkg_fc55e3966deb11df8b8e000c29ba66d2.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now