Lucene search
K

5 matches found

OpenVAS
OpenVAS
added 2017/03/29 12:0 a.m.30 views

MediaWiki Multiple Vulnerabilities (Dec 2015) - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

9.8CVSS7AI score0.01888EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/03/23 8:59 p.m.17 views

CVE-2015-8623

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...

8.8CVSS7.2AI score0.00731EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/03/23 8:0 p.m.19 views

CVE-2015-8623

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...

8.8CVSS8.6AI score0.00731EPSS
Exploits0
CVE
CVE
added 2017/03/23 8:0 p.m.64 views

CVE-2015-8623

The CVE describes a timing-attack CSRF bypass in MediaWiki’s Token check: User::matchEditToken in includes/User.php fails to compare the edit token in constant time for certain old branches, allowing remote attackers to guess tokens. Affected versions include MediaWiki before 1.23.12 and 1.24.x b...

8.8CVSS8.4AI score0.00731EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2015/12/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2015-0486)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7AI score0.01888EPSS
Exploits0References5
Rows per page
Query Builder