ID CVE-2015-2936
Summary MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.
References
Vulnerable Configurations
  • cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 07-12-2016 - 18:10)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
bid 73477
confirm https://phabricator.wikimedia.org/T64685
gentoo GLSA-201510-05
mandriva MDVSA-2015:200
mlist
  • [MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2
  • [oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24
  • [oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24
Last major update 07-12-2016 - 18:10
Published 13-04-2015 - 14:59
Last modified 07-12-2016 - 18:10