APP: MediaWiki Remote Code Execution

This signature detects attempts to exploit a known flaw in the MediaWiki web application. An attacker can send a malformed request to the server which could result in arbitrary code execution on the server with the privileges of the HTTP daemon user.

Extended Description

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

Affected Products

Mediawiki mediawiki

Short Name
APP:MEDIAWIKI-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2014-1610 Code Execution MediaWiki Remote
Release Date
02/03/2014
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Mediawiki

CVSS Score

6.0