Input validation error in MediaWiki and Debian Linux - CVE-2017-8811


Published: November 15, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU37968
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8811
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: MediaWiki.org, Debian
Affected software: MediaWiki, Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.


How to mitigate CVE-2017-8811

Install the update from the vendor's website.
