FreeBSD : mediawiki -- multiple vulnerabilities (b50f53ce-2151-11e6-8dd3-002590263bf5)

High Nessus Plugin ID 91304


The remote FreeBSD host is missing one or more security-related updates.


MediaWiki reports :

Security fixes :

T122056: Old tokens are remaining valid within a new session

T127114: Login throttle can be tricked using non-canonicalized usernames

T123653: Cross-domain policy regexp is too narrow

T123071: Incorrectly identifying http link in a's href attributes, due to m modifier in regex

T129506: MediaWiki:Gadget-popups.js isn't renderable

T125283: Users occasionally logged in as different users after SessionManager deployment

T103239: Patrol allows click catching and patrolling of any page

T122807: [tracking] Check php crypto primatives

T98313: Graphs can leak tokens, leading to CSRF

T130947: Diff generation should use PoolCounter

T133507: Careless use of $wgExternalLinkTarget is insecure

T132874: API action=move is not rate limited


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 91304

File Name: freebsd_pkg_b50f53ce215111e68dd3002590263bf5.nasl

Version: $Revision: 2.1 $

Type: local

Published: 2016/05/24

Modified: 2016/05/24

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mediawiki123, p-cpe:/a:freebsd:freebsd:mediawiki124, p-cpe:/a:freebsd:freebsd:mediawiki125, p-cpe:/a:freebsd:freebsd:mediawiki126, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/05/24

Vulnerability Publication Date: 2016/05/20