FreeBSD : mediawiki -- multiple vulnerabilities (b973a763-7936-11e5-a2a1-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

MediaWiki reports :

Wikipedia user RobinHood70 reported two issues in the chunked upload
API. The API failed to correctly stop adding new chunks to the upload
when the reported size was exceeded (T91203), allowing a malicious
user to add an infinite number of chunks for a single file
upload. Additionally, a malicious user could upload chunks of 1 byte
for very large files, potentially creating a very large number of
files on the server's filesystem (T91205).

Internal review discovered that it is not possible to throttle file

Internal review discovered a missing authorization check when removing
suppression from a revision. This allowed users with the
'viewsuppressed' user right but not the appropriate 'suppressrevision'
user right to unsuppress revisions.

Richard Stanway from reported that thumbnails of PNG
files generated with ImageMagick contained the local file path in the
image metadata.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86554

Bugtraq ID:

CVE ID: CVE-2015-8001
