Lucene search

K

MitreCVELIST:CVE-2015-6728

HistorySep 01, 2015 - 2:00 p.m.

CVE-2015-6728

2015-09-0114:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

References

lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html

www.openwall.com/lists/oss-security/2015/08/12/6

www.openwall.com/lists/oss-security/2015/08/27/6

www.securityfocus.com/bid/76334

lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html

security.gentoo.org/glsa/201510-05

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

Related for CVELIST:CVE-2015-6728

cve1 nvd1 prion1 ubuntucve1 debiancve1 nessus4 openvas3 fedora3 freebsd1 gentoo1