Detections
Analytics
FreeBSD : mediawiki -- multiple vulnerabilities (298829e2-ccce-11e7-92e4-000c29649f92)
critical Nessus Plugin ID 104693
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
mediawiki reports :security fixes :
T128209: Reflected File Download from api.php. Reported by Abdullah Hussam.
T165846: BotPasswords doesn't throttle login attempts.
T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password.
T178451: XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.
T176247: It's possible to mangle HTML via raw message parameter expansion.
T125163: id attribute on headlines allow raw.
T124404: language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition.
T119158: Language converter: unsafe attribute injection via glossary rules.
T180488: api.log contains passwords in plaintext wasn't correctly fixed.
T180231: composer.json has require-dev versions of PHPUnit with known security issues. Reported by Tom Hutchison.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Critical
ID: 104693
File Name: freebsd_pkg_298829e2ccce11e792e4000c29649f92.nasl
Version: 3.6
Type: local
Family: FreeBSD Local Security Checks
Published: 11/20/2017
Updated: 12/5/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.0
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:mediawiki127, p-cpe:/a:freebsd:freebsd:mediawiki128, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:mediawiki129
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 11/19/2017
Vulnerability Publication Date: 11/14/2017
CISA Known Exploited Vulnerability Due Dates: 8/15/2022
Reference Information
CVE: CVE-2017-0361, CVE-2017-8808, CVE-2017-8809, CVE-2017-8810, CVE-2017-8811, CVE-2017-8812, CVE-2017-8814, CVE-2017-8815, CVE-2017-9841