Summary
This host is running MediaWiki and is prone to a clickjacking information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to hijack the victim's click actions and possibly launch further attacks against the victim.
Impact level: Application
Solution
Upgrade to MediaWiki 1.16.1 or later.
For updates, refer to http://www.mediawiki.org/wiki/Download
Insight
The flaw is caused by input validation errors when processing certain data via frames, which could allow clickjacking attacks.
Affected
MediaWiki versions prior to 1.16.1
References
Severity
Classification
- CVE: CVE-2011-0003
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N