Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 4036-1 (mediawiki - security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work: CVE-2017-8808 Cross-site-scripting with non-standard URL escaping and $wgShowExceptionDetails disabled. CVE-2017-8809 Reflected file download in API. CVE-2017-8810 On private wikis the login form didn't distinguish between login failure due to bad username and bad password. CVE-2017-8811 It was possible to mangle HTML via raw message parameter expansion. CVE-2017-8812 id attributes in headlines allowed raw '>'. CVE-2017-8814 Language converter could be tricked into replacing text inside tags. CVE-2017-8815 Unsafe attribute injection via glossary rules in language converter.
Affected Software
Affected Software
mediawiki on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For the stable distribution (stretch), these problems have been fixed in version 1:1.27.4-1~deb9u1. We recommend that you upgrade your mediawiki packages.