MediaWiki CSS Injection and Local Script Inclusion Vulnerabilities


Description   Two vulnerabilities have been identified in MediaWiki, which attackers could exploit to bypass restrictions or gain knowledge of sensitive information.
The first issue is caused by an input validation error when processing CSS comments, which attackers could exploit to execute arbitrary code in the user's browser.
The second vulnerability is caused by an input validation error in language files, which could allow attackers to include PHP scripts already present on the web server.
     
Vulnerable Products   Vulnerable Software:
MediaWiki versions prior to 1.16.2
     
Solution   Upgrade to MediaWiki version 1.16.2: http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.tar.gz
Or apply the patches for version 1.16.1:
http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz
http://download.wikimedia.org/mediawiki/1.16/mediawiki-i18n-1.16.2.patch.gz
     
CVE   CVE-2011-0537
CVE-2011-0047
     
References   http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                                    Available Since
Misc : Directory traversal - parameter starting with ../            3.2.0
Directory traversal using ..\..                                     3.2.0
Directory traversal                                                 3.2.0
Directory traversal backward root folder                            3.2.0
Misc : Local File Inclusion - suspicious /etc/passwd found in URL   3.5.0
     


 
 
 
 
Risk level   Low

Vulnerability First Public Report Date   2011-02-03

Target Type   Client + Server

Possible exploit   Local & Remote