Lucene search
K

7 matches found

NVD
NVD
added 2017/03/23 8:59 p.m.15 views

CVE-2015-8624

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...

8.8CVSS8.6AI score0.00746EPSS
Exploits0References4
OSV
OSV
added 2017/03/23 8:59 p.m.2 views

UBUNTU-CVE-2015-8624

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...

8.8CVSS7.3AI score0.00746EPSS
Exploits0References3
OSV
OSV
added 2017/03/23 8:59 p.m.3 views

DEBIAN-CVE-2015-8623

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...

8.8CVSS7.1AI score0.00731EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/03/23 8:0 p.m.26 views

CVE-2015-8624

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...

8.8AI score0.00746EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2017/03/23 8:0 p.m.35 views

CVE-2015-8623

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...

8.8CVSS8.6AI score0.00731EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/03/23 8:0 p.m.32 views

CVE-2015-8624

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...

8.8CVSS8.6AI score0.00746EPSS
Exploits0
CVE
CVE
added 2017/03/23 8:0 p.m.65 views

CVE-2015-8623

The CVE describes a timing-attack CSRF bypass in MediaWiki’s Token check: User::matchEditToken in includes/User.php fails to compare the edit token in constant time for certain old branches, allowing remote attackers to guess tokens. Affected versions include MediaWiki before 1.23.12 and 1.24.x b...

8.8CVSS8.4AI score0.00731EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder