Check Point discovers critical vulnerability in MediaWiki
Posted on 30 January 2014.
Check Point found a critical vulnerability in the MediaWiki project Web platform, a popular open source Web platform used to create and maintain 'wiki' Web sites. The MediaWiki platform includes Wikipedia.org, with over 94 million unique visitors per month.

Check Point researchers discovered that this critical vulnerability left MediaWiki (version 1.8 onwards) exposed to remote code execution (RCE), where an attacker can gain complete control of the vulnerable web server.

This vulnerability has been assigned CVE-2014-1610 by the MITRE organization. In order for a site to be vulnerable, a specific non-default setting must be enabled in the MediaWiki settings. While the exact extent of affected organizations is unknown, this vulnerability was confirmed to impact some of the largest known MediaWiki deployments in the world.

They alerted the WikiMedia Foundation about the vulnerability, and after verification, the Foundation issued an update and patch to the MediaWiki software.

Prior to the availability of a patch for this vulnerability, an attacker could have injected malware infection code into every page in Wikipedia.org, as well as into any other internal or Web-facing wiki site running on MediaWiki with the affected settings.

Since 2006, this is only the third RCE vulnerability found in the MediaWiki platform.

"It only takes a single vulnerability on a widely adopted platform for a hacker to infiltrate and wreak widespread damage. The Check Point Vulnerability Research Group focuses on finding these security exposures and deploying the necessary real-time protections to secure the Internet. We're pleased that the MediaWiki platform is now protected against attacks on this vulnerability, which would have posed great security risk for millions of daily 'wiki' site users," said Dorit Dor, vice president of products at Check Point Software Technologies.





Spotlight

How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victimís financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if youíre using a RF-based card, along with our top safety tips to keep your payments secure.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //