Vulnerabilities > CVE-2012-5391 - Unspecified vulnerability in Mediawiki
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
mediawiki
nessus
Summary
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
Vulnerable Configurations
Nessus
NASL family CGI abuses NASL id MEDIAWIKI_1_18_6.NASL description According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities : - MediaWiki core is vulnerable to session fixation attacks that allow an attacker to compromise another user last seen 2020-06-01 modified 2020-06-02 plugin id 63267 published 2012-12-14 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63267 title MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: executed only when the engine loads the plugin with
# `description` set. It declares metadata, dependencies and required KB
# keys, then exits before any scan logic can run.
if (description)
{
  script_id(63267);
  script_version("1.12");
  script_cvs_date("Date: 2018/11/15 20:50:17");

  # One plugin covers two session-fixation CVEs (core and CentralAuth);
  # the description string below also lists an XSS and a PCRE issue that
  # carry no CVE id here.
  script_cve_id("CVE-2012-5391", "CVE-2012-5395");
  script_bugtraq_id(56714, 58019, 68235);

  script_name(english:"MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities");
  script_summary(english:"Checks version of MediaWiki.");

  script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities.");
  # The closing sentence of the description is the key caveat for triage:
  # the finding is derived from the self-reported version string only, so
  # a result is a lead to verify, not proof of an exploitable flaw.
  script_set_attribute(attribute:"description", value: "According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities : - MediaWiki core is vulnerable to session fixation attacks that allow an attacker to compromise another user's account. (CVE-2012-5391) - The MediaWiki CentralAuth Extension is vulnerable to session fixation attacks. (CVE-2012-5395) - An API feature in version 1.20 allows for HTML code to be injected in the 'editfont' option, resulting in cross-site scripting (XSS). - A PCRE backtrack limit can be exceeded causing history pages to fail to display. 
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.");
  # https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cba6a61e");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.18#MediaWiki_1.18.6");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.3");
  script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.1");
  script_set_attribute(attribute:"solution", value: "Upgrade to MediaWiki version 1.18.6 / 1.19.3 / 1.20.1 or later.");
  # CVSS v2 base vector: network reachable, medium access complexity, no
  # authentication, partial impact on confidentiality, integrity and
  # availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal vector: functional exploit code, official fix
  # available, report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # NOTE(review): this list contains CWE-79 (XSS) together with broader
  # input-validation/injection entries and what look like CWE view and
  # category ids, but no session-fixation weakness (CWE-384) even though
  # session fixation is the headline issue - confirm before relying on
  # the CWE mapping for reporting or filtering.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/14");

  # Marked as a potential vulnerability because the check is version
  # based and nothing is actively tested.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mediawiki:mediawiki");
  script_end_attributes();

  # ACT_GATHER_INFO: information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  # Depends on the MediaWiki detection plugin and on three KB keys: the
  # paranoid-report setting, a recorded MediaWiki install, and PHP support
  # on the web server.
  script_dependencies("mediawiki_detect.nasl");
  script_require_keys("Settings/ParanoidReport", "installed_sw/MediaWiki", "www/PHP");
  script_require_ports("Services/www", 80);
  exit(0);
}
# Helper libraries used by the version check below.
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "MediaWiki";

# Called with exit_if_zero so the plugin stops here when no MediaWiki
# install was recorded for this host.
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

# One install on the chosen port; an unknown version is not accepted
# because every decision below is made on the version string.
wiki = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);
ver  = wiki['version'];
url  = build_url(qs:wiki['path'], port:port);

# Version-only evidence: report nothing unless paranoia is at least 2.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# A version is flagged when it falls in one of four ranges:
#   1.0.x  - 1.17.x   any release
#   1.18.x            patch 0-5, or "6" followed by a non-digit
#   1.19.x            patch 0-2, or "3" followed by a non-digit
#   1.20.x            patch 0,   or "1" followed by a non-digit
# The "fixed patch number + non-digit" alternatives presumably catch
# pre-release strings of the fixed versions (rc/beta tags) - TODO confirm.
# NOTE(review): they match any non-digit suffix, and a distribution package
# that backports the fix without changing the version string would still be
# flagged; verify findings against the package changelog.
affected = FALSE;
if (ver =~ "^1\.([0-9]|1[0-7])\.")
  affected = TRUE;
else if (ver =~ "^1\.18\.([0-5]([^0-9]|$)|6[^0-9])")
  affected = TRUE;
else if (ver =~ "^1\.19\.([0-2]([^0-9]|$)|3[^0-9])")
  affected = TRUE;
else if (ver =~ "^1\.20\.(0([^0-9]|$)|1[^0-9])")
  affected = TRUE;

if (affected)
{
  # NOTE(review): the XSS KB flag is set for every affected branch, while
  # the plugin description ties the XSS issue to the 1.20 API feature only
  # - confirm this is intended before consuming the flag downstream.
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);

  if (report_verbosity <= 0)
    security_warning(port);
  else
  {
    # Verbose report: where the install is, what it reports, what fixes it.
    details =
      '\n URL : ' + url +
      '\n Installed version : ' + ver +
      '\n Fixed versions : 1.18.6 / 1.19.3 / 1.20.1' +
      '\n';
    security_warning(port:port, extra:details);
  }
}
else
  audit(AUDIT_WEB_APP_NOT_AFFECTED, app, url, ver);
NASL family Fedora Local Security Checks NASL id FEDORA_2013-3227.NASL description Bring mediawiki up to date to fix multiple bugs, security holes, and bring new features. The package should automatically attempt to upgrade your wiki, but please make sure to perform backups before updating. Special care may be required for MySQL based wikis. See bug 845818. Read the main mediawiki website for Release Notes for 1.17, 1.18, and 1.19. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-22 plugin id 65645 published 2013-03-22 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65645 title Fedora 17 : mediawiki-1.19.4-2.fc17 (2013-3227) NASL family Fedora Local Security Checks NASL id FEDORA_2013-2090.NASL description Rebase to version 1.19.3. Fixes CVE-2012-5391 amongst other bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-19 plugin id 64674 published 2013-02-19 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64674 title Fedora 18 : mediawiki119-1.19.3-3.fc18 (2013-2090) NASL family Fedora Local Security Checks NASL id FEDORA_2013-3265.NASL description Bring mediawiki up to date to fix multiple bugs, security holes, and bring new features. The package should automatically attempt to upgrade your wiki, but please make sure to perform backups before updating. Special care may be required for MySQL based wikis. See bug 845818. 
Read the main mediawiki website for Release Notes for 1.17, 1.18, and 1.19. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-22 plugin id 65646 published 2013-03-22 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65646 title Fedora 18 : mediawiki-1.19.4-2.fc18 (2013-3265)
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 58019 CVE(CAN) ID: CVE-2012-5391 MediaWiki是著名的wiki程序,运行于PHP+MySQL环境。 MediaWiki 1.20及其他版本在实现上存在会话固定漏洞,攻击者可利用此漏洞劫持任意会话,获取未授权访问权限等。 0 MediaWiki 1.20 厂商补丁: MediaWiki --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://wikipedia.sourceforge.net/ |
id | SSV:60640 |
last seen | 2017-11-19 |
modified | 2013-02-22 |
published | 2013-02-22 |
reporter | Root |
title | MediaWiki 会话固定漏洞(CVE-2012-5391) |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
- https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83008