Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities

High

Synopsis

The remote web server is running a PHP application that is out of date

Description

The version of MediaWiki installed is 1.19.x earlier than 1.19.24, 1.23.x earlier than 1.23.9, or 1.24.x earlier than 1.24.2. Therefore, it is affected by multiple vulnerabilities :

- A flaw in the 'includes/upload/UploadBase.php' script is triggered when the blacklist feature fails to properly validate nested SVG files due to a missing MIME type blacklist. This may allow a remote attacker to upload SVG files which will execute malicious JavaScript code. (OSVDB 120238) - A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the 'includes/Html.php' script does not validate input during Html class attribute expansion before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 120239) - A flaw in the 'includes/libs/XmlTypeCheck.php' script. The issue is triggered when the SVG filter assumes that XML is expanded. This may allow a remote attacker to bypass the SVG filter by encoding SVG entities. (OSVDB 120240) - A flaw in the 'wddx' output format's handling of API errors allows a reflected 1.26.3 attack. This flaw exists because the 'api.php' script does not validate input to the 'submodule' parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 120241) - A flaw is triggered when hashing PBKDF2 passwords. With a specially crafted overly large password, a remote attacker can cause the operation to take the max execution time, consuming resources. (OSVDB 120242) - An Xml eXternal Entity (XXE) injection flaw is triggered during the parsing of XML data in SVG or XMP files. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker to consume all system resources, making the web server unresponsive. (OSVDB 120243) - A quadratic blowup XXE injection flaw is triggered during the parsing of XML data. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker can exhaust memory up to the memory_limit set by PHP. (OSVDB 120244) - A flaw in the 'includes/upload/UploadBase.php' script is triggered when the SVG filter does not adequately protect against certain style declarations. This may allow a remote attacker to bypass the SVG filter. (OSVDB 120245) - A flaw exists that allows a stored 1.26.3 attack. This flaw exists because the program does not validate during custom JavaScript previews before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 120246) - A flaw exists in the 'includes/upload/UploadBase.php' script. The issue is due to the check for animating an element's href to a JavaScript URL being insufficient. This may allow a remote attacker to bypass the blacklist filter. (OSVDB 120247) - Scribunto Extension contains a flaw that allows a stored 1.26.3 attack. This flaw exists because the 'Lua Error Backtraces' function in the 'engines/LuaCommon/LuaCommon.php' script does not validate input when handling names before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 120273) - CheckUser Extension contains a flaw as user rights are not properly checked when handling HTTP requests to 'specials/SpecialCheckUser.php' that do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to have their reputation damaged or their logs flooded. (OSVDB 120274) - A flaw exists that allows a 1.26.3 attack. This flaw exists because the program does not validate input encoded entities in SVG files before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 130893)

Solution

Upgrade to MediaWiki version 1.24.2. If 1.24.x cannot be obtained, versions 1.23.9, and 1.19.24 have also been patched for these vulnerabilities.