Lucene search
PRIOn knowledge basePRION:CVE-2015-8623HistoryMar 23, 2017 - 8:59 p.m.
Cross site request forgery (csrf)
2017-03-2320:59:00
PRIOn knowledge base
www.prio-n.com
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
Related
prion
prion
Cross site request forgery (csrf)
2017-03-23 20:59:00
cvelist
cvelist
CVE-2015-8623
2017-03-23 20:00:00
CVE-2015-8624
2017-03-23 20:00:00
cve
cve
CVE-2015-8623
2017-03-23 20:59:00
CVE-2015-8624
2017-03-23 20:59:00
nvd
nvd
CVE-2015-8624
2017-03-23 20:59:00
CVE-2015-8623
2017-03-23 20:59:00
ubuntucve
ubuntucve
CVE-2015-8624
2017-03-23 00:00:00
CVE-2015-8623
2017-03-23 00:00:00
debiancve
debiancve
CVE-2015-8623
2017-03-23 20:59:00
CVE-2015-8624
2017-03-23 20:59:00
nessus
nessus
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0486)
2015-12-28 00:00:00
MediaWiki Multiple Vulnerabilities (Dec 2015) - Linux
2017-03-29 00:00:00
MediaWiki Multiple Vulnerabilities (Dec 2015) - Windows
2017-03-29 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2015-12-24 14:08:20
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2015-12-18 00:00:00
archlinux
archlinux
mediawiki: multiple issues
2015-12-25 00:00:00