
MediaWiki 1.16.4 Multiple Remote Vulnerabilities

http://www.securityfocus.com/bid/47722

Security Info

Bugtraq ID: 47722
Class: Unknown
CVE: CVE-2011-1765, CVE-2011-1766
Remote: Yes
Local: No
Published: May 05 2011 12:00AM
Updated: Jun 22 2012 12:10AM
Credit: Masato Kinugawa and Liangent
Vulnerable: Red Hat Fedora 15; Red Hat Fedora 14; Red Hat Fedora 13; MediaWiki MediaWiki 1.16.4; Gentoo Linux
Not Vulnerable: MediaWiki MediaWiki 1.16.5

Security Discussion

MediaWiki is prone to multiple remote vulnerabilities, including:

1. A cross-site scripting vulnerability.

2. An authentication-bypass vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the website, steal cookie-based authentication credentials, and gain unauthorized access to the affected application.

MediaWiki 1.16.4 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

Attackers can exploit these issues through a browser. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim to follow a malicious URI.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Security Reference(s)

References:

Site Updated May 19, 2013
©2000-2013 Emagined Security
All Rights Reserved
