Oval Definition:oval:org.mitre.oval:def:19786
Revision Date:2014-06-23Version:7
Title:DSA-2753-1 mediawiki - cross-site request forgery token disclosure
Description:It was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2013-4302
DSA-2753-1
Platform(s):Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Debian GNU/Linux 6.0
Debian GNU/Linux 7
Product(s):mediawiki
Definition Synopsis
  • Release section
  • Debian 6.0 is installed
  • AND GNU/Linux or GNU/kFreeBSD kernel
  • Debian GNU/Linux is installed
  • OR Debian GNU/kFreeBSD is installed
  • AND mediawiki DPKG is earlier than 1:1.15.5-2squeeze6
  • Release section
  • Debian 7 is installed
  • AND GNU/Linux or GNU/kFreeBSD kernel
  • Debian GNU/Linux is installed
  • OR Debian GNU/kFreeBSD is installed
  • AND mediawiki DPKG is earlier than 1:1.19.5-1+deb7u1
    • BACK