MediaWiki Multiple Vulnerabilities Fixed by 1.25.2, 1.24.3 and 1.23.10


Description   (#Multiple vulnerabilities were reported in MediaWiki:#- CVE-2015-6727: information disclosure in "Special:DeletedContributions" allowing a remote attacker to know if an IP address has been blocked#- CVE-2015-6728: anti-CSRF feature bypass via a timing attack which allows a remote attacker to modify user's watchlist#- CVE-2015-6729 and CVE-2015-6730: cross-site scripting located in the "thumb.php" web page.##The mediawiki packages provided by Debian Squeeze 6, Wheezy 7 and Jessie 8 are vulnerable.#Updated, 14/08/2015:#The mediawiki123, mediawiki124 and mediawiki125 packages provided by FreeBSD are vulnerable.#Updated, 27/08/2015:#Several vulnerabilities, fixed by the same versions of Mediawiki, have been added:#- CVE-2015-6731 and CVE-2015-6732: several cross-site scripting in "SemanticForms" extension#- CVE-2015-6733: system resource consumption in "SyntaxHighlight_GeSHi" extension#- CVE-2015-6734: cross-site scripting located in "keywords-1" parameter of "cssgen.php" web page in "SyntaxHighlight_GeSHi" extension#- CVE-2015-6735: denial of service in "TimedMediaHandler" extension#- CVE-2015-6736: denial of service in "Quiz" extension#- CVE-2015-6737: cross-site scripting in "Widgets" extension.##The mediawiki packages provided by Debian Squeeze 6, Wheezy 7 and Jessie 8 are vulnerable.#Updated, 28/08/2015:#CVE-2013-7444 has been assigned in addition of CVE-2015-6727 vulnerability.##The mediawiki packages provided by Debian Squeeze 6, Wheezy 7 and Jessie 8 are affected by CVE-2013-7444.#Updated, 06/06/2016:#Contrarily to the statement above, the mediawiki packages provided by Debian Jessie 8 are not vulnerable.)
     
Vulnerable Products   Vulnerable OS:
Fedora (Red Hat) - 21, 22FreeBSD (FreeBSD) - AllGNU/Linux (Debian) - 6, 7, 8Vulnerable Software:
MediaWiki (Wikimedia Foundation) - 1.23.0, 1.23.1, 1.23.2, 1.23.3, 1.23.4, ..., 1.24.0, 1.24.1, 1.24.2, 1.25.0, 1.25.1
     
Solution   Fixed mediawiki packages for Fedora 21 and 22 are available.
     
CVE   CVE-2015-6737
CVE-2015-6736
CVE-2015-6735
CVE-2015-6734
CVE-2015-6733
CVE-2015-6732
CVE-2015-6731
CVE-2015-6730
CVE-2015-6729
CVE-2015-6728
CVE-2015-6727
CVE-2013-7444
     
References   - MediaWiki: Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html
- Debian Security Tracker : mediawiki
https://security-tracker.debian.org/tracker/TEMP-0000000-E371A1
- VuXML : mediawiki -- multiple vulnerabilities
https://www.vuxml.org/freebsd/6241b5df-42a1-11e5-93ad-002590263bf5.html
- oss-sec : Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10
http://seclists.org/oss-sec/2015/q3/449
- Debian Security Tracker : mediawiki
https://security-tracker.debian.org/tracker/CVE-2015-6727
https://security-tracker.debian.org/tracker/CVE-2015-6728
https://security-tracker.debian.org/tracker/CVE-2015-6729
https://security-tracker.debian.org/tracker/CVE-2015-6730
https://security-tracker.debian.org/tracker/CVE-2015-6731
https://security-tracker.debian.org/tracker/CVE-2015-6732
https://security-tracker.debian.org/tracker/CVE-2015-6733
https://security-tracker.debian.org/tracker/CVE-2015-6734
https://security-tracker.debian.org/tracker/CVE-2015-6735
https://security-tracker.debian.org/tracker/CVE-2015-6736
https://security-tracker.debian.org/tracker/CVE-2015-6737
- Debian Security Tracker : mediawiki
https://security-tracker.debian.org/tracker/CVE-2013-7444
- FEDORA : Fedora 22 Update: mediawiki-1.25.2-2.fc22
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165465.html
- FEDORA : Fedora 21 Update: mediawiki-1.24.3-1.fc21
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165452.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-08-10 

 Target Type 
Server 

 Possible exploit 
Remote