Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43693
HistoryOct 10, 2023 - 1:55 a.m.

Denial Of Service (DoS)

2023-10-1001:55:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
mediawiki
api
vulnerability
dos
apipageset.php

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%

mediawiki is vulnerable to Denial Of Service (DoS). The vulnerability exists in the ApiPageSet.php, This vulnerability allows an attacker to crash the application by triggering an unbounded loop and RequestTimeoutException when querying pages redireced to other variants with redirects and converttitles set

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%