Vulnerabilities > CVE-2013-2114 - Unspecified vulnerability in Mediawiki

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

mediawiki

nessus

NVD

Published: 2013-11-18

Updated: 2013-11-21

Summary

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html

Vulnerable Configurations

Part	Description	Count
Application	Mediawiki Mediawiki Mediawiki 1.19 Mediawiki Mediawiki 1.19.0 Mediawiki Mediawiki 1.19.1 Mediawiki Mediawiki 1.19.2 Mediawiki Mediawiki 1.19.3 Mediawiki Mediawiki 1.19.4 Mediawiki Mediawiki 1.19.5 Mediawiki Mediawiki 1.19.6 Mediawiki Mediawiki 1.20.1 Mediawiki Mediawiki 1.20.2 Mediawiki Mediawiki 1.20.3 Mediawiki Mediawiki 1.20.4 Mediawiki Mediawiki 1.20.5	15

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201310-21.NASL
description	The remote host is affected by the vulnerability described in GLSA-201310-21 (MediaWiki: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code, perform man-in-the-middle attacks, obtain sensitive information or perform cross-site scripting attacks. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	70677
published	2013-10-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/70677
title	GLSA-201310-21 : MediaWiki: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201310-21. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70677); script_version("1.11"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2013-1816", "CVE-2013-1817", "CVE-2013-1818", "CVE-2013-1951", "CVE-2013-2031", "CVE-2013-2032", "CVE-2013-2114", "CVE-2013-4301", "CVE-2013-4302", "CVE-2013-4303", "CVE-2013-4304", "CVE-2013-4305", "CVE-2013-4306", "CVE-2013-4307", "CVE-2013-4308"); script_bugtraq_id(58304, 58305, 58306, 59077, 59594, 59595, 60077, 62194, 62201, 62202, 62203, 62210, 62215, 62218, 62434); script_xref(name:"GLSA", value:"201310-21"); script_name(english:"GLSA-201310-21 : MediaWiki: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201310-21 (MediaWiki: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code, perform man-in-the-middle attacks, obtain sensitive information or perform cross-site scripting attacks. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201310-21" ); script_set_attribute( attribute:"solution", value: "All MediaWiki 1.21.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.21.2' All MediaWiki 1.20.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.20.7' All MediaWiki 1.19.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.19.8'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mediawiki"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-apps/mediawiki", unaffected:make_list("ge 1.21.2", "rge 1.20.7", "rge 1.19.8"), vulnerable:make_list("lt 1.21.2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MediaWiki"); }

NASL family	CGI abuses
NASL id	MEDIAWIKI_1_19_7.NASL
description	According to its version number, the instance of MediaWiki running on the remote host is affected by an arbitrary file upload vulnerability due to a flaw that fails to validate file extensions when files are uploaded via chunks using the API. Note that Nessus has not tested for this issue but has instead relied on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	66841
published	2013-06-07
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66841
title	MediaWiki 1.19.x < 1.19.7 / 1.20.x < 1.20.6 Arbitrary File Upload
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66841); script_version("1.8"); script_cvs_date("Date: 2018/11/28 22:47:41"); script_cve_id("CVE-2013-2114"); script_bugtraq_id(60077); script_name(english:"MediaWiki 1.19.x < 1.19.7 / 1.20.x < 1.20.6 Arbitrary File Upload"); script_summary(english:"Checks version of MediaWiki."); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by an arbitrary upload vulnerability."); script_set_attribute(attribute:"description", value: "According to its version number, the instance of MediaWiki running on the remote host is affected by an arbitrary file upload vulnerability due to a flaw that fails to validate file extensions when files are uploaded via chunks using the API. Note that Nessus has not tested for this issue but has instead relied on the application's self-reported version number."); # https://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1615913b"); script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.7"); script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.6"); script_set_attribute(attribute:"solution", value:"Upgrade to MediaWiki version 1.19.7 / 1.20.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/07"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mediawiki:mediawiki"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mediawiki_detect.nasl"); script_require_keys("Settings/ParanoidReport", "installed_sw/MediaWiki", "www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); app = "MediaWiki"; get_install_count(app_name:app, exit_if_zero:TRUE); port = get_http_port(default:80, php:TRUE); install = get_single_install( app_name : app, port : port, exit_if_unknown_ver : TRUE ); version = install['version']; install_url = build_url(qs:install['path'], port:port); if (report_paranoia < 2) audit(AUDIT_PARANOID); if ( version =~ "^1\.19\.[0-6]([^0-9]\|$)" \|\| version =~ "^1\.20\.[0-5]([^0-9]\|$)" ) { if (report_verbosity > 0) { report = '\n URL : ' + install_url + '\n Installed version : ' + version + '\n Fixed versions : 1.19.7 / 1.20.6' + '\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-9622.NASL
description	- (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-07-12
plugin id	67370
published	2013-07-12
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67370
title	Fedora 17 : mediawiki-1.19.7-1.fc17 (2013-9622)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-9622. # include("compat.inc"); if (description) { script_id(67370); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-2114"); script_bugtraq_id(60077); script_xref(name:"FEDORA", value:"2013-9622"); script_name(english:"Fedora 17 : mediawiki-1.19.7-1.fc17 (2013-9622)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=967062" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/107950.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aa48e9b7" ); script_set_attribute( attribute:"solution", value:"Update the affected mediawiki package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"mediawiki-1.19.7-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-9616.NASL
description	- (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-07-12
plugin id	67368
published	2013-07-12
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67368
title	Fedora 18 : mediawiki-1.19.7-1.fc18 (2013-9616)

Summary

Vulnerable Configurations

Nessus

References