vulnerability
MediaWiki: Improper Restriction of XML External Entity Reference ('XXE') (CVE-2014-9487)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Oct 17, 2017 | Oct 23, 2019 | Mar 7, 2024 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Oct 17, 2017
Added
Oct 23, 2019
Modified
Mar 7, 2024
Description
The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Solution
mediawiki-upgrade-latest
References
- CVE-2014-9487
- https://attackerkb.com/topics/CVE-2014-9487
- URL-http://www.openwall.com/lists/oss-security/2015/01/03/13
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1175828
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
- URL-https://security.gentoo.org/glsa/201502-04
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.