CVE-2014-5243: Input Validation
First published: Fri Aug 22 2014(Updated: )
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki | <=1.19.17 | |
| MediaWiki | =1.19 | |
| MediaWiki | =1.19-beta_1 | |
| MediaWiki | =1.19-beta_2 | |
| MediaWiki | =1.19.0 | |
| MediaWiki | =1.19.1 | |
| MediaWiki | =1.19.2 | |
| MediaWiki | =1.19.3 | |
| MediaWiki | =1.19.4 | |
| MediaWiki | =1.19.5 | |
| MediaWiki | =1.19.6 | |
| MediaWiki | =1.19.7 | |
| MediaWiki | =1.19.8 | |
| MediaWiki | =1.19.9 | |
| MediaWiki | =1.19.10 | |
| MediaWiki | =1.19.11 | |
| MediaWiki | =1.19.12 | |
| MediaWiki | =1.19.13 | |
| MediaWiki | =1.19.14 | |
| MediaWiki | =1.19.15 | |
| MediaWiki | =1.19.16 | |
| MediaWiki | =1.20.1 | |
| MediaWiki | =1.20.2 | |
| MediaWiki | =1.20.3 | |
| MediaWiki | =1.20.4 | |
| MediaWiki | =1.20.5 | |
| MediaWiki | =1.20.6 | |
| MediaWiki | =1.20.7 | |
| MediaWiki | =1.20.8 | |
| MediaWiki | =1.21.1 | |
| MediaWiki | =1.21.2 | |
| MediaWiki | =1.21.3 | |
| MediaWiki | =1.21.4 | |
| MediaWiki | =1.21.5 | |
| MediaWiki | =1.21.6 | |
| MediaWiki | =1.21.7 | |
| MediaWiki | =1.21.8 | |
| MediaWiki | =1.21.9 | |
| MediaWiki | =1.21.10 | |
| MediaWiki | =1.22.0 | |
| MediaWiki | =1.22.1 | |
| MediaWiki | =1.22.2 | |
| MediaWiki | =1.22.3 | |
| MediaWiki | =1.22.4 | |
| MediaWiki | =1.22.5 | |
| MediaWiki | =1.22.6 | |
| MediaWiki | =1.22.7 | |
| MediaWiki | =1.22.8 | |
| MediaWiki | =1.23.0 | |
| MediaWiki | =1.23.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0309.html
- http://openwall.com/lists/oss-security/2014/08/14/5
- http://secunia.com/advisories/59738
- http://www.debian.org/security/2014/dsa-3011
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
- https://bugzilla.wikimedia.org/show_bug.cgi?id=65778
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
Frequently Asked Questions
What is the severity of CVE-2014-5243?
CVE-2014-5243 has a medium severity level due to its potential to allow clickjacking attacks.
How do I fix CVE-2014-5243?
To fix CVE-2014-5243, update MediaWiki to version 1.19.18, 1.22.9, or 1.23.2 or later.
What are the affected versions for CVE-2014-5243?
CVE-2014-5243 affects MediaWiki versions prior to 1.19.18, 1.22.9, and 1.23.2.
What types of attacks does CVE-2014-5243 enable?
CVE-2014-5243 enables remote attackers to conduct clickjacking attacks.
Which applications are vulnerable to CVE-2014-5243?
MediaWiki versions 1.19.x, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 are vulnerable to CVE-2014-5243.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.19.17
- version/mediawiki/1.19
- version/mediawiki/1.19-beta_1
- version/mediawiki/1.19-beta_2
- version/mediawiki/1.19.0
- version/mediawiki/1.19.1
- version/mediawiki/1.19.2
- version/mediawiki/1.19.3
- version/mediawiki/1.19.4
- version/mediawiki/1.19.5
- version/mediawiki/1.19.6
- version/mediawiki/1.19.7
- version/mediawiki/1.19.8
- version/mediawiki/1.19.9
- version/mediawiki/1.19.10
- version/mediawiki/1.19.11
- version/mediawiki/1.19.12
- version/mediawiki/1.19.13
- version/mediawiki/1.19.14
- version/mediawiki/1.19.15
- version/mediawiki/1.19.16
- version/mediawiki/1.20.1
- version/mediawiki/1.20.2
- version/mediawiki/1.20.3
- version/mediawiki/1.20.4
- version/mediawiki/1.20.5
- version/mediawiki/1.20.6
- version/mediawiki/1.20.7
- version/mediawiki/1.20.8
- version/mediawiki/1.21.1
- version/mediawiki/1.21.2
- version/mediawiki/1.21.3
- version/mediawiki/1.21.4
- version/mediawiki/1.21.5
- version/mediawiki/1.21.6
- version/mediawiki/1.21.7
- version/mediawiki/1.21.8
- version/mediawiki/1.21.9
- version/mediawiki/1.21.10
- version/mediawiki/1.22.0
- version/mediawiki/1.22.1
- version/mediawiki/1.22.2
- version/mediawiki/1.22.3
- version/mediawiki/1.22.4
- version/mediawiki/1.22.5
- version/mediawiki/1.22.6
- version/mediawiki/1.22.7
- version/mediawiki/1.22.8
- version/mediawiki/1.23.0
- version/mediawiki/1.23.1