
MediaWiki < 1.23.14 / 1.25.6 / 1.26.3 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is running a PHP application that is out of date.

Description

The version of MediaWiki installed is 1.23.x earlier than 1.23.14, 1.25.x earlier than 1.25.6, or 1.26.x earlier than 1.26.3. Therefore, it is affected by multiple vulnerabilities:

- A flaw exists that is due to the program failing to invalidate tokens from previous user sessions when starting a new session. This may allow an authenticated remote attacker to more easily gain access to another user's session. (OSVDB 139008)
- A flaw in the 'includes/specials/SpecialUserlogin.php' script is triggered during the handling of non-canonicalized usernames. This may allow a remote attacker to bypass login throttling. (OSVDB 139009)
- A flaw exists that is due to the program implementing a cross-domain policy regexp that is too narrow. This may allow a remote attacker to supply parameters within the tag and potentially insert malicious data. (OSVDB 139010)
- A flaw exists in the 'wfShellExec()' function within the 'includes/GlobalFunctions.php' script that is due to missing string length limits for shell invocations. This may allow an authenticated remote attacker to provide overly large commands, resulting in a crash. (OSVDB 139011)
- A flaw in the 'includes/actions/RawAction.php' script is triggered as sessions are not properly managed when handling cached data. This may allow an authenticated remote attacker to log in as another user and gain elevated privileges. (OSVDB 139012)
- A flaw is triggered during the handling of a specially crafted spoofed patrol link. This may allow an authenticated remote attacker to bypass restrictions and patrol arbitrary pages. (OSVDB 139013)
- A flaw in the 'includes/WebStart.php' script is triggered as checks are not sufficiently performed against 'mbstring.func_overload'. This may result in more predictable results, allowing a remote attacker to more easily conduct a brute-force attack. (OSVDB 139014)
- A flaw exists that is triggered when handling specially crafted requests that involve graphs. This may disclose an edit token to an attacker, allowing them to e.g. conduct CSRF attacks. (OSVDB 139015)
- A flaw within the 'generateDiffBody()' function in the 'includes/diff/DifferenceEngine.php' script may allow an authenticated remote attacker to cause multiple diffs to be concurrently loaded, consuming significant resources. This may allow the attacker to severely degrade performance. (OSVDB 139016)
- A flaw exists that allows a cross-site redirection attack. This flaw exists because the application does not securely use '$wgExternalLinkTarget' within 'includes/DefaultSettings.php'. This could allow a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs, as well as phishing attacks that mimic the legitimate site but send user-supplied information to the attacker. (OSVDB 139017)
- A flaw in the 'ApiMove::execute()' function in the 'includes/api/ApiMove.php' script is triggered as the move API action is not properly rate limited. This may allow a remote attacker to bypass intended rate restrictions on move operations. (OSVDB 139018)
- A flaw in the 'includes/password/MWOldPassword.php', 'includes/password/MWSaltedPassword.php', and 'includes/password/Pbkdf2Password.php' scripts is triggered during the handling of unknown hash algorithms. This may allow a remote attacker to bypass authentication mechanisms. (OSVDB 139019)
- A flaw in the 'includes/specials/SpecialUserlogin.php' script is triggered as password attempts for wiki accounts are throttled on a per-wiki basis, rather than globally. This may allow a remote attacker to more easily conduct brute-force attacks. (OSVDB 139020)
- A flaw in the 'includes/DefaultSettings.php' script is triggered as the 'pbkdf2' parameter is hashed less securely than possible, which can cause the program to create password hashes that are less secure than they would otherwise be. (OSVDB 139097)
- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the 'UploadBase::checkSvgScriptCallback()' function in the 'includes/upload/UploadBase.php' script does not validate input when uploading SVG files before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 139098)

Solution

Upgrade to MediaWiki version 1.26.3. If 1.26.x cannot be obtained, versions 1.25.6 and 1.23.14 have also been patched for these vulnerabilities.
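As an added example (not part of this advisory or of MediaWiki itself), a small Python check that maps a detected MediaWiki version string onto the affected and patched ranges stated above, so an inventory of version banners can be triaged offline; the banner strings are constructed samples, and branches the advisory does not list are reported as out of scope rather than guessed at.

```python
import re

# Patched releases per the advisory, keyed by (major, minor) branch.
# A version on one of these branches is affected when it is older than
# the patched release. Other branches are not covered by this advisory.
FIXED = {
    (1, 23): (1, 23, 14),
    (1, 25): (1, 25, 6),
    (1, 26): (1, 26, 3),
}


def parse_version(text):
    """Extract a (major, minor, patch) tuple from a banner such as
    'MediaWiki 1.25.5'. A missing patch component is treated as 0.
    Returns None when no version is present."""
    m = re.search(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True if the version lies in a vulnerable range from the advisory:
    1.23.x < 1.23.14, 1.25.x < 1.25.6, or 1.26.x < 1.26.3."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return False  # branch not listed; cannot conclude from this advisory
    return version < fixed


def assess(banner):
    """Classify one banner as 'affected', 'patched', 'out-of-scope',
    or 'unknown' (no parseable version)."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if version[:2] not in FIXED:
        return "out-of-scope"
    return "affected" if is_affected(version) else "patched"


# Constructed sample banners (hypothetical hosts, not real scan data).
SAMPLE_BANNERS = {
    "wiki-a.example": "MediaWiki 1.25.5",
    "wiki-b.example": "MediaWiki 1.26.3",
    "wiki-c.example": "MediaWiki 1.24.4",
    "wiki-d.example": "Apache/2.4 (no generator string)",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host}: {banner!r} -> {assess(banner)}")
```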