Vulnerabilities > CVE-2013-4572 - Session Fixation vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
mediawiki
fedoraproject
CWE-384
nessus

Summary

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

Vulnerable Configurations

Part Description Count
Application
Mediawiki
219
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Credential Falsification through Forging
    An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user's session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.
  • Exploitation of Session Variables, Resource IDs and other Trusted Credentials
    Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes "trust" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form of this attack involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the attacker to impersonate the remote user/session. The third form is when the cookie's content is modified by the attacker before it is sent back to the server. Here the attacker seeks to convince the target server to operate on this falsified information.
  • Manipulating Opaque Client-based Data Tokens
    In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-290.NASL
    descriptionUpdated mediawiki packages fix security vulnerabilities : Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki
    last seen2020-06-01
    modified2020-06-02
    plugin id71510
    published2013-12-18
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71510
    titleMandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:290. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71510);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"MDVSA", value:"2013:290");
    
      script_name(english:"Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mediawiki packages fix security vulnerabilities :
    
    Kevin Israel (Wikipedia user PleaseStand) identified and reported two
    vectors for injecting JavaScript in CSS that bypassed MediaWiki's
    blacklist (CVE-2013-4567, CVE-2013-4568).
    
    Internal review while debugging a site issue discovered that MediaWiki
    and the CentralNotice extension were incorrectly setting cache headers
    when a user was autocreated, causing the user's session cookies to be
    cached, and returned to other users (CVE-2013-4572)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0368.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-1.20.8-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-mysql-1.20.8-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-pgsql-1.20.8-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-sqlite-1.20.8-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-21856.NASL
    description - Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki
    last seen2020-03-17
    modified2013-12-02
    plugin id71149
    published2013-12-02
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71149
    titleFedora 19 : mediawiki-1.21.3-1.fc19 (2013-21856)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-21856.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71149);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-5394", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4569", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"FEDORA", value:"2013-21856");
    
      script_name(english:"Fedora 19 : mediawiki-1.21.3-1.fc19 (2013-21856)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Kevin Israel (Wikipedia user PleaseStand) identified and
        reported two vectors for injecting JavaScript in CSS
        that bypassed MediaWiki's blacklist (CVE-2013-4567,
        CVE-2013-4568).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55332>
    
      - Internal review while debugging a site issue discovered
        that MediaWiki and the CentralNotice extension were
        incorrectly setting cache headers when a user was
        autocreated, causing the user's session cookies to be
        cached, and returned to other users (CVE-2013-4572).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=53032>
    
    Additionally, the following extensions have been updated to fix
    security issues :
    
      - CleanChanges: MediaWiki steward Teles reported that
        revision-deleted IP's are not correctly hidden when this
        extension is used (CVE-2013-4569).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=54294>
    
      - ZeroRatedMobileAccess: Tomasz Chlebowski reported an XSS
        vulnerability (CVE-2013-4573).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55991>
    
      - CentralAuth: MediaWiki developer Platonides reported a
        login CSRF in CentralAuth (CVE-2012-5394).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=40747>
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030987"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=40747
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T42747"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T55032"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T56294"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57332"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55991
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57991"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?25def639"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mediawiki package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"mediawiki-1.21.3-1.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
    }
    
  • NASL familyCGI abuses
    NASL idMEDIAWIKI_1_19_9.NASL
    descriptionAccording to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - Input validation errors exist that allow cross-site scripting attacks. (CVE-2013-4567, CVE-2013-4568) - An error exists related to session IDs and HTTP headers that allows an information disclosure. (CVE-2013-4572) Additionally, the following extensions contain vulnerabilities but are not enabled or installed by default (unless otherwise noted) : - An input validation error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id71500
    published2013-12-17
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71500
    titleMediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71500);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/28 22:47:41");
    
      script_cve_id(
        "CVE-2012-5394",
        "CVE-2013-4567",
        "CVE-2013-4568",
        "CVE-2013-4569",
        "CVE-2013-4572",
        "CVE-2013-4573"
      );
      script_bugtraq_id(63755, 63756, 63757, 63759, 63760, 63761);
    
      script_name(english:"MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of MediaWiki.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains an application that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version number, the instance of MediaWiki running on
    the remote host is affected by the following vulnerabilities :
    
      - Input validation errors exist that allow cross-site
        scripting attacks. (CVE-2013-4567, CVE-2013-4568)
    
      - An error exists related to session IDs and HTTP headers
        that allows an information disclosure. (CVE-2013-4572)
    
    Additionally, the following extensions contain vulnerabilities but
    are not enabled or installed by default (unless otherwise noted) : 
    
      - An input validation error exists related to the
        'CentralAuth' extension that allows cross-site request
        forgery (CSRF) attacks. (CVE-2012-5394)
    
      - An error exists in the 'CleanChanges' extension that
        allows an information disclosure related to
        'revision-deleted' IP addresses. (CVE-2013-4569)
    
      - An input validation error exists in the
        'ZeroRatedMobileAccess' extension that allows cross-site
        scripting attacks. (CVE-2013-4573)
    
    Note that Nessus has not tested for these issues but has instead
    relied on the application's self-reported version number.");
      # https://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9d8f458");
      script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.9");
      script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.8");
      script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.21#MediaWiki_1.21.3");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MediaWiki version 1.19.9 / 1.20.8 / 1.21.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/17");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mediawiki:mediawiki");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mediawiki_detect.nasl");
      script_require_keys("Settings/ParanoidReport", "installed_sw/MediaWiki", "www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("install_func.inc");
    
    app = "MediaWiki";
    get_install_count(app_name:app, exit_if_zero:TRUE);
    
    port = get_http_port(default:80, php:TRUE);
    
    install = get_single_install(
      app_name : app,
      port     : port,
      exit_if_unknown_ver : TRUE
    );
    version = install['version'];
    install_url = build_url(qs:install['path'], port:port);
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    if (
      version =~ "^1\.19\.[0-8]([^0-9]|$)" ||
      version =~ "^1\.20\.[0-7]([^0-9]|$)" ||
      version =~ "^1\.21\.[0-2]([^0-9]|$)"
    )
    {
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
      set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  URL               : ' + install_url +
          '\n  Installed version : ' + version +
          '\n  Fixed versions    : 1.19.9 / 1.20.8 / 1.21.3' +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-21874.NASL
    description - Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki
    last seen2020-03-17
    modified2013-12-02
    plugin id71150
    published2013-12-02
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71150
    titleFedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-21874.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71150);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-5394", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4569", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"FEDORA", value:"2013-21874");
    
      script_name(english:"Fedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Kevin Israel (Wikipedia user PleaseStand) identified and
        reported two vectors for injecting JavaScript in CSS
        that bypassed MediaWiki's blacklist (CVE-2013-4567,
        CVE-2013-4568).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55332>
    
      - Internal review while debugging a site issue discovered
        that MediaWiki and the CentralNotice extension were
        incorrectly setting cache headers when a user was
        autocreated, causing the user's session cookies to be
        cached, and returned to other users (CVE-2013-4572).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=53032>
    
    Additionally, the following extensions have been updated to fix
    security issues :
    
      - CleanChanges: MediaWiki steward Teles reported that
        revision-deleted IP's are not correctly hidden when this
        extension is used (CVE-2013-4569).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=54294>
    
      - ZeroRatedMobileAccess: Tomasz Chlebowski reported an XSS
        vulnerability (CVE-2013-4573).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55991>
    
      - CentralAuth: MediaWiki developer Platonides reported a
        login CSRF in CentralAuth (CVE-2012-5394).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=40747>
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030987"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=40747
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T42747"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T55032"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T56294"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57332"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55991
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57991"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ea04af0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mediawiki package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC18", reference:"mediawiki-1.19.9-1.fc18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2891.NASL
    descriptionThe remote Debian host is missing a security update. It is, therefore, affected by multiple vulnerabilities in MediaWiki : - A cross-site scripting (XSS) vulnerability exists due to a failure to validate input before returning it to the user. An unauthenticated, remote attacker can exploit this, via specially crafted SVG files, to execute arbitrary script code in the user
    last seen2020-03-17
    modified2014-03-31
    plugin id73256
    published2014-03-31
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73256
    titleDebian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were
    # extracted from Debian Security Advisory DSA-2891
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73256);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id(
        "CVE-2013-2031",
        "CVE-2013-2032",
        "CVE-2013-4567",
        "CVE-2013-4568",
        "CVE-2013-4572",
        "CVE-2013-6452",
        "CVE-2013-6453",
        "CVE-2013-6454",
        "CVE-2013-6472",
        "CVE-2014-1610",
        "CVE-2014-2665"
      );
      script_bugtraq_id(
        59594,
        59595,
        63757,
        63760,
        63761,
        65003,
        65223,
        66600
      );
      script_xref(name:"DSA", value:"2891");
    
      script_name(english:"Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities");
      script_summary(english:"Checks the dpkg output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Debian host is missing a security-related update.");
      script_set_attribute(attribute:"description", value:
    "The remote Debian host is missing a security update. It is, therefore,
    affected by multiple vulnerabilities in MediaWiki :
    
      - A cross-site scripting (XSS) vulnerability exists due to
        a failure to validate input before returning it to the
        user. An unauthenticated, remote attacker can exploit
        this, via specially crafted SVG files, to execute
        arbitrary script code in the user's browser session.
        (CVE-2013-2031)
    
      - A flaw exists in the password blocking mechanism due to
        two different tools being used to block password change
        requests, these being Special:PasswordReset and
        Special:ChangePassword, either of which may be bypassed
        by the method the other prevents. A remote attacker can
        exploit this issue to change passwords. (CVE-2013-2032)
    
      - Multiple flaws exist in Sanitizer::checkCss due to the
        improper sanitization of user-supplied input. An
        unauthenticated, remote attacker can exploit these to
        bypass the blacklist. (CVE-2013-4567, CVE-2013-4568)
    
      - A flaw exists due to multiple users being granted the
        same session ID within HTTP headers. A remote attacker
        can exploit this to authenticate as another random
        user. (CVE-2013-4572)
    
      - A cross-site scripting (XSS) vulnerability exists in the
        /includes/libs/XmlTypeCheck.php script due to improper
        validation of user-supplied input. An unauthenticated,
        remote attacker can exploit this, via a specially
        crafted XSL file, to execute arbitrary script code in
        the user's browser session. (CVE-2013-6452)
    
      - A flaw exists in the /includes/upload/UploadBase.php
        script due to a failure to apply SVG sanitization when
        XML files are read as invalid. An unauthenticated,
        remote attacker can exploit this to upload non-sanitized
        XML files, resulting in an unspecified impact.
        (CVE-2013-6453)
    
      - A stored cross-site (XSS) scripting vulnerability exists
        in the /includes/Sanitizer.php script due to a failure
        to properly validate the '-o-link' attribute before
        returning it to users. An unauthenticated, remote
        attacker can exploit this, via a specially crafted
        request, to execute arbitrary script code in the user's
        browser session. (CVE-2013-6454)
    
      - A flaw exists in the log API within the
        /includes/api/ApiQueryLogEvents.php script that allows
        an unauthenticated, remote attacker to disclose
        potentially sensitive information regarding deleted
        pages. (CVE-2013-6472)
    
      - Multiple flaws exist in the PdfHandler_body.php,
        DjVu.php, Bitmap.php, and ImageHandler.php scripts when
        DjVu or PDF file upload support is enabled due to
        improper sanitization of user-supplied input. An
        authenticated, remote attacker can exploit these, via
        the use of shell metacharacters, to execute execute
        arbitrary shell commands. (CVE-2014-1610)
    
      - A cross-site request forgery (XSRF) vulnerability exists
        in the includes/specials/SpecialChangePassword.php
        script due to a failure to properly handle a correctly
        authenticated but unintended login attempt. An
        unauthenticated, remote attacker, by convincing a user
        to follow a specially crafted link, can exploit this to
        reset the user's password. (CVE-2014-2665)");
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629");
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601");
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857");
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-2031");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-2032");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-4567");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-4568");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-4572");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6452");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6453");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6454");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6472");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1610");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-2665");
      script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/mediawiki");
      script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/mediawiki-extensions");
      script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2014/dsa-2891");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the mediawiki packages. For the stable distribution (wheezy),
    these issues have been fixed in version 1:1.19.14+dfsg-0+deb7u1 of the
    mediawiki package and version 3.5~deb7u1 of the mediawiki-extensions
    package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"MediaWiki thumb.php page Parameter Remote Shell Command Injection");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MediaWiki Thumb.php Remote Command Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mediawiki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mediawiki-extensions");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Debian Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("audit.inc");
    include("debian_package.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    oslevel = get_kb_item("Host/Debian/release"); 
    if (empty_or_null(oslevel)) audit(AUDIT_OS_NOT, "Debian");
    if (oslevel !~ "^7\.") audit(AUDIT_OS_NOT, "Debian 7", "Debian " + oslevel);
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"mediawiki", reference:"1:1.19.14+dfsg-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mediawiki-extensions", reference:"3.5~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mediawiki-extensions-base", reference:"3.5~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mediawiki-extensions-collection", reference:"3.5~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mediawiki-extensions-geshi", reference:"3.5~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mediawiki-extensions-graphviz", reference:"3.5~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mediawiki-extensions-ldapauth", reference:"3.5~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mediawiki-extensions-openid", reference:"3.5~deb7u1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        xss        : TRUE,
        xsrf       : TRUE,
        extra      : deb_report_get()
      );
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-22047.NASL
    description - Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki
    last seen2020-03-17
    modified2013-12-14
    plugin id71407
    published2013-12-14
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71407
    titleFedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-22047.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71407);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"FEDORA", value:"2013-22047");
    
      script_name(english:"Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Kevin Israel (Wikipedia user PleaseStand) identified and
        reported two vectors for injecting JavaScript in CSS
        that bypassed MediaWiki's blacklist (CVE-2013-4567,
        CVE-2013-4568).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55332>
    
      - Internal review while debugging a site issue discovered
        that MediaWiki and the CentralNotice extension were
        incorrectly setting cache headers when a user was
        autocreated, causing the user's session cookies to be
        cached, and returned to other users (CVE-2013-4572).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=53032>
    
    Additionally, the following extensions have been updated to fix
    security issues :
    
      - CleanChanges: MediaWiki steward Teles reported that
        revision-deleted IP's are not correctly hidden when this
        extension is used (CVE-2013-4569).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=54294>
    
      - ZeroRatedMobileAccess: Tomasz Chlebowski reported an XSS
        vulnerability (CVE-2013-4573).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55991>
    
      - CentralAuth: MediaWiki developer Platonides reported a
        login CSRF in CentralAuth (CVE-2012-5394).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=40747>
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030987"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=40747
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T42747"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T55032"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T56294"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57332"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55991
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57991"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123834.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bb6debb6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mediawiki package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"mediawiki-1.21.3-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
    }