CVE-2014-1610

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://gerrit.wikimedia.org/r/#/c/110215/
http://secunia.com/advisories/56695	Vendor Advisory
http://osvdb.org/102630
https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
https://gerrit.wikimedia.org/r/#/c/110069/	Vendor Advisory
https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
http://www.osvdb.org/102631
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html	Vendor Advisory
http://www.exploit-db.com/exploits/31329/
http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
http://www.securitytracker.com/id/1029707
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
http://www.securityfocus.com/bid/65223
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
http://secunia.com/advisories/57472
http://www.debian.org/security/2014/dsa-2891

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mediawiki:mediawiki:1.19.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.3:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.4:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.5:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.21.4:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.21.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.21.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.21.3:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.10:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.6:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.8:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.22.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.9:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.22.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.19.7:::::::*

Information

Published : 2014-01-30 15:55

Updated : 2016-05-25 08:01

NVD link : CVE-2014-1610

Mitre link : CVE-2014-1610

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

mediawiki

mediawiki

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://gerrit.wikimedia.org/r/#/c/110215/", "name": "https://gerrit.wikimedia.org/r/#/c/110215/", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/56695", "name": "56695", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/102630", "name": "102630", "tags": [], "refsource": "OSVDB"}, {"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339", "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339", "tags": [], "refsource": "CONFIRM"}, {"url": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php", "name": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php", "tags": [], "refsource": "MISC"}, {"url": "https://gerrit.wikimedia.org/r/#/c/110069/", "name": "https://gerrit.wikimedia.org/r/#/c/110069/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff", "name": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff", "tags": [], "refsource": "MISC"}, {"url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff", "name": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff", "tags": [], "refsource": "MISC"}, {"url": "http://www.osvdb.org/102631", "name": "102631", "tags": [], "refsource": "OSVDB"}, {"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html", "name": "[MediaWiki-announce] 20140128 MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11", "tags": ["Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://www.exploit-db.com/exploits/31329/", "name": "31329", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html", "name": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id/1029707", "name": "1029707", "tags": [], "refsource": "SECTRACK"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html", "name": "FEDORA-2014-1802", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.securityfocus.com/bid/65223", "name": "65223", "tags": [], "refsource": "BID"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html", "name": "FEDORA-2014-1745", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html", "name": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/57472", "name": "57472", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2014/dsa-2891", "name": "DSA-2891", "tags": [], "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-1610", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-01-30T23:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-05-25T15:01Z"}

6.0 /10