Check Point discovers critical vulnerability in MediaWiki

Check Point found a critical vulnerability in the MediaWiki project Web platform, a popular open source Web platform used to create and maintain ‘wiki’ Web sites. The MediaWiki platform includes Wikipedia.org, with over 94 million unique visitors per month.

Check Point researchers discovered that this critical vulnerability left MediaWiki (version 1.8 onwards) exposed to remote code execution (RCE), where an attacker can gain complete control of the vulnerable web server.

This vulnerability has been assigned CVE-2014-1610 by the MITRE organization. In order for a site to be vulnerable, a specific non-default setting must be enabled in the MediaWiki settings. While the exact extent of affected organizations is unknown, this vulnerability was confirmed to impact some of the largest known MediaWiki deployments in the world.

They alerted the WikiMedia Foundation about the vulnerability, and after verification, the Foundation issued an update and patch to the MediaWiki software.

Prior to the availability of a patch for this vulnerability, an attacker could have injected malware infection code into every page in Wikipedia.org, as well as into any other internal or Web-facing wiki site running on MediaWiki with the affected settings.

Since 2006, this is only the third RCE vulnerability found in the MediaWiki platform.

“It only takes a single vulnerability on a widely adopted platform for a hacker to infiltrate and wreak widespread damage. The Check Point Vulnerability Research Group focuses on finding these security exposures and deploying the necessary real-time protections to secure the Internet. We’re pleased that the MediaWiki platform is now protected against attacks on this vulnerability, which would have posed great security risk for millions of daily ‘wiki’ site users,” said Dorit Dor, vice president of products at Check Point Software Technologies.