MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities

Medium Nessus Plugin ID 84164

Synopsis

The remote web server contains an application that is affected by multiple vulnerabilities.

Description

According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities:

- An input validation error exists related to handling API errors that allows reflected cross-site scripting attacks. (CVE-2014-9714, CVE-2015-2941)

- An input validation error exists related to SVG file uploads that allows stored cross-site scripting attacks by bypassing a missing MIME type blacklist. (CVE-2015-2931)

- An input validation error exists related to the handling of JavaScript used to animate elements in the 'includes/upload/UploadBase.php' script that allows a remote attacker to bypass the blacklist filter. (CVE-2015-2932)

- An input validation error exists in the 'includes/Html.php' script that allows stored cross-site scripting attacks. (CVE-2015-2933)

- A flaw in the 'includes/libs/XmlTypeCheck.php' script allows a remote attacker to bypass the SVG filter by encoding SVG entities. (CVE-2015-2934)

- A flaw in the 'includes/upload/UploadBase.php' script allows a remote attacker to bypass the SVG filter and de-anonymize wiki readers. This issue exists due to an incomplete fix for CVE-2014-7199. (CVE-2015-2935)

- A denial of service vulnerability exists due to a flaw in the hashing of large PBKDF2 passwords. (CVE-2015-2936)

- A denial of service vulnerability exists due to an XML external entity injection (XXE) flaw that is triggered by the parsing of crafted XML data. (CVE-2015-2937)

- An input validation error exists related to user-supplied custom JavaScript that allows stored cross-site scripting attacks. (CVE-2015-2938)

- An input validation error exists related to the Scribunto extension that allows stored cross-site scripting attacks. (CVE-2015-2939)

- A flaw in the CheckUser extension allows cross-site request forgery attacks because user rights are not properly checked. (CVE-2015-2940)

- A denial of service vulnerability exists due to an XML external entity (XXE) injection flaw triggered by the parsing of crafted XML data in SVG or XMP files. (CVE-2015-2942)

- A cross-site scripting vulnerability exists due to improper validation of input encoded entities in SVG files. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MediaWiki version 1.19.24 / 1.23.9 / 1.24.2 or later.

See Also

http://www.nessus.org/u?bfc5045c

https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.24

https://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.9

https://www.mediawiki.org/wiki/Release_notes/1.24#MediaWiki_1.24.2

https://blogs.securiteam.com/index.php/archives/2669

Plugin Details

Severity: Medium

ID: 84164

File Name: mediawiki_1_24_2.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 2015/06/12

Updated: 2019/11/22

Dependencies: 19233

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2015-2940

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mediawiki:mediawiki

Required KB Items: Settings/ParanoidReport, installed_sw/MediaWiki, www/PHP

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/03/31

Vulnerability Publication Date: 2015/03/31

Reference Information

CVE: CVE-2014-9714, CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940, CVE-2015-2941, CVE-2015-2942

BID: 73477, 74061