CVE-2014-9277
Description
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1:1.19.20+dfsg-2.1 |
| sid | Fixed | 1:1.19.20+dfsg-2.1 |
| forky | Fixed | 1:1.19.20+dfsg-2.1 |
| bullseye | Fixed | 1:1.19.20+dfsg-2.1 |
| bookworm | Fixed | 1:1.19.20+dfsg-2.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mediawiki | mediawiki | {"endIncluding":"1.19.21"} | |
| mediawiki | mediawiki | 1.20 | |
| mediawiki | mediawiki | 1.20.1 | |
| mediawiki | mediawiki | 1.20.2 | |
| mediawiki | mediawiki | 1.20.3 | |
| mediawiki | mediawiki | 1.20.4 | |
| mediawiki | mediawiki | 1.20.5 | |
| mediawiki | mediawiki | 1.20.6 | |
| mediawiki | mediawiki | 1.20.7 | |
| mediawiki | mediawiki | 1.20.8 | |
| mediawiki | mediawiki | 1.21 | |
| mediawiki | mediawiki | 1.21.1 | |
| mediawiki | mediawiki | 1.21.2 | |
| mediawiki | mediawiki | 1.21.3 | |
| mediawiki | mediawiki | 1.21.4 | |
| mediawiki | mediawiki | 1.21.5 | |
| mediawiki | mediawiki | 1.21.6 | |
| mediawiki | mediawiki | 1.21.7 | |
| mediawiki | mediawiki | 1.21.8 | |
| mediawiki | mediawiki | 1.21.9 | |
| mediawiki | mediawiki | 1.21.10 | |
| mediawiki | mediawiki | 1.21.11 | |
| mediawiki | mediawiki | 1.22.0 | |
| mediawiki | mediawiki | 1.22.1 | |
| mediawiki | mediawiki | 1.22.2 | |
| mediawiki | mediawiki | 1.22.3 | |
| mediawiki | mediawiki | 1.22.4 | |
| mediawiki | mediawiki | 1.22.5 | |
| mediawiki | mediawiki | 1.22.6 | |
| mediawiki | mediawiki | 1.22.7 | |
| mediawiki | mediawiki | 1.22.8 | |
| mediawiki | mediawiki | 1.22.10 | |
| mediawiki | mediawiki | 1.22.11 | |
| mediawiki | mediawiki | 1.22.12 | |
| mediawiki | mediawiki | 1.22.13 | |
| mediawiki | mediawiki | 1.23.0 | |
| mediawiki | mediawiki | 1.23.1 | |
| mediawiki | mediawiki | 1.23.2 | |
| mediawiki | mediawiki | 1.23.3 | |
| mediawiki | mediawiki | 1.23.4 | |
| mediawiki | mediawiki | 1.23.5 | |
| mediawiki | mediawiki | 1.23.6 | |
References
- http://securitytracker.com/id?1031301
- http://www.debian.org/security/2014/dsa-3100
- http://www.openwall.com/lists/oss-security/2014/12/03/9
- http://www.openwall.com/lists/oss-security/2014/12/04/16
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html
- https://phabricator.wikimedia.org/T73478
- https://security-tracker.debian.org/tracker/CVE-2014-9277
CWEs
CWE-77
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.