ID |
CVE-2012-4885
|
Summary |
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 10-09-2012 - 18:27) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
refmap
via4
|
bid | 52689 | confirm | | mlist | - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3
- [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2
- [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2
- [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2
| secunia | 48504 |
|
Last major update |
10-09-2012 - 18:27 |
Published |
09-09-2012 - 21:55 |
Last modified |
10-09-2012 - 18:27 |