CVE-2012-4885 - Multiple Security vulnerability in MediaWiki
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 11 |
Nessus
NASL family | CGI abuses |
NASL id | MEDIAWIKI_1_18_2.NASL |
description | According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities: - An attacker can block/unblock arbitrary users via cross-site request forgery attack (XSRF) against an authorized user. (CVE-2012-1578) - Unauthorized users can disclose XSRF tokens, triggered by a failure of the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58965 |
published | 2012-05-02 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/58965 |
title | MediaWiki < 1.17.3 / 1.18.2 Multiple Vulnerabilities |
References
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html
- http://secunia.com/advisories/48504
- http://www.openwall.com/lists/oss-security/2012/03/22/9
- http://www.openwall.com/lists/oss-security/2012/03/24/1
- http://www.securityfocus.com/bid/52689
- https://bugzilla.wikimedia.org/show_bug.cgi?id=22555
- https://bugzilla.wikimedia.org/show_bug.cgi?id=35315