CVE-2011-0537: Path Traversal
First published: Fri Feb 04 2011(Updated: )
Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki MediaWiki | =1.8.0 | |
| MediaWiki MediaWiki | =1.8.1 | |
| MediaWiki MediaWiki | =1.8.2 | |
| MediaWiki MediaWiki | =1.8.3 | |
| MediaWiki MediaWiki | =1.8.4 | |
| MediaWiki MediaWiki | =1.8.5 | |
| MediaWiki MediaWiki | =1.9.0 | |
| MediaWiki MediaWiki | =1.9.0-rc2 | |
| MediaWiki MediaWiki | =1.9.1 | |
| MediaWiki MediaWiki | =1.9.2 | |
| MediaWiki MediaWiki | =1.9.3 | |
| MediaWiki MediaWiki | =1.9.4 | |
| MediaWiki MediaWiki | =1.9.5 | |
| MediaWiki MediaWiki | =1.9.6 | |
| MediaWiki MediaWiki | =1.10.0 | |
| MediaWiki MediaWiki | =1.10.0-rc1 | |
| MediaWiki MediaWiki | =1.10.0-rc2 | |
| MediaWiki MediaWiki | =1.10.1 | |
| MediaWiki MediaWiki | =1.10.2 | |
| MediaWiki MediaWiki | =1.10.3 | |
| MediaWiki MediaWiki | =1.10.4 | |
| MediaWiki MediaWiki | =1.11 | |
| MediaWiki MediaWiki | =1.11-rc1 | |
| MediaWiki MediaWiki | =1.11.0 | |
| MediaWiki MediaWiki | =1.11.0-rc1 | |
| MediaWiki MediaWiki | =1.11.0rc1 | |
| MediaWiki MediaWiki | =1.11.1 | |
| MediaWiki MediaWiki | =1.11.2 | |
| MediaWiki MediaWiki | =1.11_development | |
| MediaWiki MediaWiki | =1.12.0 | |
| MediaWiki MediaWiki | =1.12.0-rc1 | |
| MediaWiki MediaWiki | =1.12.1 | |
| MediaWiki MediaWiki | =1.12.2 | |
| MediaWiki MediaWiki | =1.12.3 | |
| MediaWiki MediaWiki | =1.12.4 | |
| MediaWiki MediaWiki | =1.13.0 | |
| MediaWiki MediaWiki | =1.13.0-rc1 | |
| MediaWiki MediaWiki | =1.13.0-rc2 | |
| MediaWiki MediaWiki | =1.13.1 | |
| MediaWiki MediaWiki | =1.13.2 | |
| MediaWiki MediaWiki | =1.13.3 | |
| MediaWiki MediaWiki | =1.13.4 | |
| MediaWiki MediaWiki | =1.14.0 | |
| MediaWiki MediaWiki | =1.14.0-rc1 | |
| MediaWiki MediaWiki | =1.14.1 | |
| MediaWiki MediaWiki | =1.15.0 | |
| MediaWiki MediaWiki | =1.15.0-rc1 | |
| MediaWiki MediaWiki | =1.15.1 | |
| MediaWiki MediaWiki | =1.15.2 | |
| MediaWiki MediaWiki | =1.15.3 | |
| MediaWiki MediaWiki | =1.16.0 | |
| MediaWiki MediaWiki | =1.16.0-beta1 | |
| MediaWiki MediaWiki | =1.16.0-beta2 | |
| MediaWiki MediaWiki | =1.16.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2011/0273
- http://www.openwall.com/lists/oss-security/2011/02/03/3
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
- http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz
- http://www.openwall.com/lists/oss-security/2011/02/01/4
- https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
- http://osvdb.org/70799
- http://osvdb.org/70798
- collector/nvd-historical
- agent/references
- agent/type
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/mediawiki
- canonical/mediawiki mediawiki
- version/mediawiki mediawiki/1.8.0
- version/mediawiki mediawiki/1.8.1
- version/mediawiki mediawiki/1.8.2
- version/mediawiki mediawiki/1.8.3
- version/mediawiki mediawiki/1.8.4
- version/mediawiki mediawiki/1.8.5
- version/mediawiki mediawiki/1.9.0
- version/mediawiki mediawiki/1.9.0-rc2
- version/mediawiki mediawiki/1.9.1
- version/mediawiki mediawiki/1.9.2
- version/mediawiki mediawiki/1.9.3
- version/mediawiki mediawiki/1.9.4
- version/mediawiki mediawiki/1.9.5
- version/mediawiki mediawiki/1.9.6
- version/mediawiki mediawiki/1.10.0
- version/mediawiki mediawiki/1.10.0-rc1
- version/mediawiki mediawiki/1.10.0-rc2
- version/mediawiki mediawiki/1.10.1
- version/mediawiki mediawiki/1.10.2
- version/mediawiki mediawiki/1.10.3
- version/mediawiki mediawiki/1.10.4
- version/mediawiki mediawiki/1.11
- version/mediawiki mediawiki/1.11-rc1
- version/mediawiki mediawiki/1.11.0
- version/mediawiki mediawiki/1.11.0-rc1
- version/mediawiki mediawiki/1.11.0rc1
- version/mediawiki mediawiki/1.11.1
- version/mediawiki mediawiki/1.11.2
- version/mediawiki mediawiki/1.11_development
- version/mediawiki mediawiki/1.12.0
- version/mediawiki mediawiki/1.12.0-rc1
- version/mediawiki mediawiki/1.12.1
- version/mediawiki mediawiki/1.12.2
- version/mediawiki mediawiki/1.12.3
- version/mediawiki mediawiki/1.12.4
- version/mediawiki mediawiki/1.13.0
- version/mediawiki mediawiki/1.13.0-rc1
- version/mediawiki mediawiki/1.13.0-rc2
- version/mediawiki mediawiki/1.13.1
- version/mediawiki mediawiki/1.13.2
- version/mediawiki mediawiki/1.13.3
- version/mediawiki mediawiki/1.13.4
- version/mediawiki mediawiki/1.14.0
- version/mediawiki mediawiki/1.14.0-rc1
- version/mediawiki mediawiki/1.14.1
- version/mediawiki mediawiki/1.15.0
- version/mediawiki mediawiki/1.15.0-rc1
- version/mediawiki mediawiki/1.15.1
- version/mediawiki mediawiki/1.15.2
- version/mediawiki mediawiki/1.15.3
- version/mediawiki mediawiki/1.16.0
- version/mediawiki mediawiki/1.16.0-beta1
- version/mediawiki mediawiki/1.16.0-beta2
- version/mediawiki mediawiki/1.16.1
- vendor/microsoft
- canonical/microsoft windows