Lucene search
PRIOn knowledge basePRION:CVE-2015-8624HistoryMar 23, 2017 - 8:59 p.m.
Cross site request forgery (csrf)
2017-03-2320:59:00
PRIOn knowledge base
www.prio-n.com
5
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.
Related
cvelist
cvelist
CVE-2015-8623
2017-03-23 20:00:00
CVE-2015-8624
2017-03-23 20:00:00
cve
cve
CVE-2015-8623
2017-03-23 20:59:00
CVE-2015-8624
2017-03-23 20:59:00
nvd
nvd
CVE-2015-8624
2017-03-23 20:59:00
CVE-2015-8623
2017-03-23 20:59:00
ubuntucve
ubuntucve
CVE-2015-8624
2017-03-23 00:00:00
CVE-2015-8623
2017-03-23 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-03-23 20:59:00
debiancve
debiancve
CVE-2015-8623
2017-03-23 20:59:00
CVE-2015-8624
2017-03-23 20:59:00
nessus
nessus
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0486)
2015-12-28 00:00:00
MediaWiki Multiple Vulnerabilities (Dec 2015) - Linux
2017-03-29 00:00:00
MediaWiki Multiple Vulnerabilities (Dec 2015) - Windows
2017-03-29 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2015-12-24 14:08:20
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2015-12-18 00:00:00
archlinux
archlinux
mediawiki: multiple issues
2015-12-25 00:00:00