CVE-2012-4885 - Unspecified vulnerability in Mediawiki
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
mediawiki
nessus
Summary
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 11 |
Nessus
NASL family | CGI abuses |
NASL id | MEDIAWIKI_1_18_2.NASL |
description | According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities: - An attacker can block/unblock arbitrary users via cross-site request forgery attack (XSRF) against an authorized user. (CVE-2012-1578) - Unauthorized users can disclose XSRF tokens, triggered by a failure of the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58965 |
published | 2012-05-02 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/58965 |
title | MediaWiki < 1.17.3 / 1.18.2 Multiple Vulnerabilities |
References
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html
- http://secunia.com/advisories/48504
- http://www.openwall.com/lists/oss-security/2012/03/22/9
- http://www.openwall.com/lists/oss-security/2012/03/24/1
- http://www.securityfocus.com/bid/52689
- https://bugzilla.wikimedia.org/show_bug.cgi?id=22555
- https://bugzilla.wikimedia.org/show_bug.cgi?id=35315