Synopsis: The remote web server contains an application that is affected by multiple vulnerabilities.
Description: According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities:
- An input validation error exists related to handling API errors that allows reflected cross-site scripting attacks. (CVE-2014-9714, CVE-2015-2941)
- An input validation error exists related to SVG file uploads that allows stored cross-site scripting attacks by bypassing a missing MIME type blacklist.
- An input validation error exists in the 'includes/Html.php' script that allows stored cross-site scripting attacks. (CVE-2015-2933)
- A flaw in the 'includes/libs/XmlTypeCheck.php' script allows a remote attacker to bypass the SVG filter by encoding SVG entities. (CVE-2015-2934)
- A flaw in the 'includes/upload/UploadBase.php' script allows a remote attacker to bypass the SVG filter and de-anonymize the wiki readers. This issue exists due to an incomplete fix for CVE-2014-7199. (CVE-2015-2935)
- A denial of service vulnerability exists due to a flaw in the handling of large passwords when hashing them with PBKDF2.
- A denial of service vulnerability exists due to an XML external entity injection (XXE) flaw that is triggered by the parsing of crafted XML data. (CVE-2015-2937)
- An input validation error exists related to the Scribunto extension that allows stored cross-site scripting attacks. (CVE-2015-2939)
- A flaw in the CheckUser extension allows cross-site request forgery attacks because user rights are not properly checked. (CVE-2015-2940)
- A denial of service vulnerability exists due to an XML external entity (XXE) injection flaw triggered by the parsing of crafted XML data in SVG or XMP files.
- A cross-site scripting vulnerability exists due to improper validation of input encoded entities in SVG files. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Upgrade to MediaWiki version 1.19.24 / 1.23.9 / 1.24.2 or later.
File Name: mediawiki_1_24_2.nasl
Configuration: Enable paranoid mode, Enable thorough checks
Temporal Vector: E:U/RL:OF/RC:C
Required KB Items: Settings/ParanoidReport, installed_sw/MediaWiki, www/PHP
Exploit Ease: No known exploits are available
Patch Publication Date: 3/31/2015
Vulnerability Publication Date: 3/31/2015
CVE: CVE-2014-9714, CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940, CVE-2015-2941, CVE-2015-2942
BID: 73477, 74061