Description

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.

Remediation

References

CVE-2014-5241

Related Vulnerabilities

WordPress Plugin WP Fastest Cache Cross-Site Scripting (0.8.5.5)

Oracle HTTP Server Other Vulnerability (CVE-2006-5350)

WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.8.5.7)

WordPress Multiple Vulnerabilities (0.70 - 3.6.1)

WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)

Severity

Medium

Classification

CVE-2014-5241 CWE-352

Tags

Missing Update Known Vulnerabilities