SB2015110913 - Multiple vulnerabilities in MediaWiki
Published: November 9, 2015 Updated: August 9, 2020
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Credentials management (CVE-ID: CVE-2015-8009)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
2) Information disclosure (CVE-ID: CVE-2015-8005)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-8004)
The vulnerability allows a remote authenticated user to manipulate data.
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid change form.
4) Resource management error (CVE-ID: CVE-2015-8003)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
5) Resource management error (CVE-ID: CVE-2015-8002)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
6) Improper access control (CVE-ID: CVE-2015-8001)
The vulnerability allows a remote authenticated user to disrupt service.
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.
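The two chunked-upload issues above (items 5 and 6) both come down to missing server-side bounds checks on each chunk. The following is an added illustration of those checks, not MediaWiki's ApiUpload code; the function name, the 1024-byte minimum and the sample requests are assumptions constructed for this example.

```php
<?php
// Added illustration; not MediaWiki's ApiUpload code. All names are hypothetical.
const MIN_CHUNK_BYTES = 1024; // assumed floor for every chunk except the last

/**
 * Validate one chunk against the size the client declared for the whole file.
 * Returns null when the chunk is acceptable, otherwise a rejection reason.
 */
function checkChunk(int $declaredSize, int $offset, int $chunkLen, int $storedSoFar): ?string {
    if ($declaredSize <= 0 || $offset < 0 || $chunkLen <= 0) {
        return 'invalid-parameters';
    }
    if ($offset !== $storedSoFar) {
        return 'unexpected-offset';      // chunks must arrive contiguously
    }
    // Written as a subtraction so the comparison cannot overflow.
    if ($chunkLen > $declaredSize - $offset) {
        return 'exceeds-declared-size';  // the CVE-2015-8001 condition
    }
    $isLast = ($offset + $chunkLen === $declaredSize);
    if (!$isLast && $chunkLen < MIN_CHUNK_BYTES) {
        return 'chunk-too-small';        // the CVE-2015-8002 condition
    }
    return null;
}

// Constructed sample requests: [declared size, offset, chunk length, bytes stored so far]
$samples = [
    'first full chunk'   => [4096, 0, 1024, 0],
    'one-byte chunk'     => [4096, 1024, 1, 1024],
    'overruns file size' => [4096, 3072, 2048, 3072],
    'short final chunk'  => [4100, 4096, 4, 4096],
    'offset skips ahead' => [4096, 2048, 1024, 1024],
];
foreach ($samples as $label => [$size, $offset, $len, $stored]) {
    $verdict = checkChunk($size, $offset, $len, $stored) ?? 'accepted';
    printf("%-20s %s\n", $label, $verdict);
}
```

A short final chunk is accepted because only the last chunk may legitimately fall below the minimum; every other undersized or oversized chunk is rejected before anything is written to disk.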
Remediation
Install the update from the vendor's website.
References
- http://www.openwall.com/lists/oss-security/2015/10/29/14
- http://www.securitytracker.com/id/1034028
- https://phabricator.wikimedia.org/T103023
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
- https://phabricator.wikimedia.org/T108616
- https://phabricator.wikimedia.org/T95589
- https://phabricator.wikimedia.org/T91850
- https://phabricator.wikimedia.org/T91205
- https://phabricator.wikimedia.org/T91203