#VU40971 Command Injection in MediaWiki - CVE-2014-9277
Published: January 4, 2015 / Updated: August 9, 2020
Vulnerability identifier: #VU40971
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-9277
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
MediaWiki
MediaWiki
Software vendor:
MediaWiki.org
MediaWiki.org
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.
Remediation
Install update from vendor's website.
External links
- http://securitytracker.com/id?1031301
- http://www.debian.org/security/2014/dsa-3100
- http://www.openwall.com/lists/oss-security/2014/12/03/9
- http://www.openwall.com/lists/oss-security/2014/12/04/16
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html
- https://phabricator.wikimedia.org/T73478