 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.108112 |
| Category: | Web application abuses |
| Title: | MediaWiki Multiple Vulnerabilities (Mar 2015) - Linux |
| Summary: | MediaWiki is prone to multiple vulnerabilities. |
| Description: | Summary: MediaWiki is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - incomplete blacklist vulnerability in includes/upload/UploadBase.php allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI. - incomplete blacklist vulnerability allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element. - MediaWiki does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. - bypassing the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file. - when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ('quadratic blowup' and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942. - Cross-site scripting (XSS) vulnerability allowing remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file. - Cross-site scripting (XSS) vulnerability, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value. - when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a 'billion laughs attack', a different vulnerability than CVE-2015-2937. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct XSS attacks, gain access to sensitive information and have other some unspecified impact. Affected Software/OS: MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 Solution: Upgrade to version 1.19.24 or 1.23.9 or 1.24.2 or later. CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2931 BugTraq ID: 73477 http://www.securityfocus.com/bid/73477 https://security.gentoo.org/glsa/201510-05 http://www.mandriva.com/security/advisories?name=MDVSA-2015:200 https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html http://www.openwall.com/lists/oss-security/2015/04/01/1 http://www.openwall.com/lists/oss-security/2015/04/07/3 Common Vulnerability Exposure (CVE) ID: CVE-2015-2932 Common Vulnerability Exposure (CVE) ID: CVE-2015-2933 Common Vulnerability Exposure (CVE) ID: CVE-2015-2934 Common Vulnerability Exposure (CVE) ID: CVE-2015-2935 Common Vulnerability Exposure (CVE) ID: CVE-2015-2936 Common Vulnerability Exposure (CVE) ID: CVE-2015-2937 Common Vulnerability Exposure (CVE) ID: CVE-2015-2938 Common Vulnerability Exposure (CVE) ID: CVE-2015-2941 Common Vulnerability Exposure (CVE) ID: CVE-2015-2942 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |