CVE-2012-4885 - The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attacke

CVE-2012-4885

Summary

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

References

Vulnerable Configurations

cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-09-2012 - 18:27)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	52689
confirm	https://bugzilla.wikimedia.org/show_bug.cgi?id=22555 https://bugzilla.wikimedia.org/show_bug.cgi?id=35315
mlist	[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2
secunia	48504

Last major update

10-09-2012 - 18:27

Published

09-09-2012 - 21:55

Last modified

10-09-2012 - 18:27