Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-6728HistorySep 01, 2015 - 2:59 p.m.
CVE-2015-6728
2015-09-0114:59:06
Debian Security Bug Tracker
security-tracker.debian.org
9
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.0%
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | mediawiki | < 1:1.25.5-1 | mediawiki_1:1.25.5-1_all.deb |
| Debian | 11 | all | mediawiki | < 1:1.25.5-1 | mediawiki_1:1.25.5-1_all.deb |
| Debian | 10 | all | mediawiki | < 1:1.25.5-1 | mediawiki_1:1.25.5-1_all.deb |
| Debian | 999 | all | mediawiki | < 1:1.25.5-1 | mediawiki_1:1.25.5-1_all.deb |
| Debian | 13 | all | mediawiki | < 1:1.25.5-1 | mediawiki_1:1.25.5-1_all.deb |
Related
prion
prion
Cross site request forgery (csrf)
2015-09-01 14:59:00
cvelist
cvelist
CVE-2015-6728
2015-09-01 14:00:00
nvd
nvd
CVE-2015-6728
2015-09-01 14:59:06
cve
cve
CVE-2015-6728
2015-09-01 14:59:06
ubuntucve
ubuntucve
CVE-2015-6728
2015-09-01 00:00:00
nessus
nessus
MediaWiki < 1.23.10 / 1.24.3 / 1.25.2 Multiple Vulnerabilities
2016-08-05 00:00:00
FreeBSD : mediawiki -- multiple vulnerabilities (6241b5df-42a1-11e5-93ad-002590263bf5)
2015-08-17 00:00:00
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
2015-08-31 00:00:00
openvas
openvas
MediaWiki Multiple Vulnerabilities (Sep 2015) - Windows
2017-03-09 00:00:00
MediaWiki Multiple Vulnerabilities (Sep 2015) - Linux
2017-03-09 00:00:00
Gentoo Security Advisory GLSA 201510-05
2015-11-08 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: mediawiki-1.25.2-2.fc22
2015-09-03 18:53:15
[SECURITY] Fedora 21 Update: mediawiki-1.24.3-1.fc21
2015-09-03 18:52:14
[SECURITY] Fedora 23 Update: mediawiki-1.25.2-2.fc23
2015-08-28 17:38:31
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2015-08-10 00:00:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-10-31 00:00:00
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.0%
Related for DEBIANCVE:CVE-2015-6728