Lucene search
PRIOn knowledge basePRION:CVE-2015-6728HistorySep 01, 2015 - 2:59 p.m.
Cross site request forgery (csrf)
2015-09-0114:59:00
PRIOn knowledge base
www.prio-n.com
4
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
References
www.openwall.com/lists/oss-security/2015/08/12/6
www.openwall.com/lists/oss-security/2015/08/27/6
www.securityfocus.com/bid/76334
lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html
security.gentoo.org/glsa/201510-05
Related
nvd
nvd
CVE-2015-6728
2015-09-01 14:59:06
cve
cve
CVE-2015-6728
2015-09-01 14:59:06
ubuntucve
ubuntucve
CVE-2015-6728
2015-09-01 00:00:00
debiancve
debiancve
CVE-2015-6728
2015-09-01 14:59:06
cvelist
cvelist
CVE-2015-6728
2015-09-01 14:00:00
nessus
nessus
MediaWiki < 1.23.10 / 1.24.3 / 1.25.2 Multiple Vulnerabilities
2016-08-05 00:00:00
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
2015-08-31 00:00:00
openvas
openvas
MediaWiki Multiple Vulnerabilities (Sep 2015) - Linux
2017-03-09 00:00:00
MediaWiki Multiple Vulnerabilities (Sep 2015) - Windows
2017-03-09 00:00:00
Gentoo Security Advisory GLSA 201510-05
2015-11-08 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: mediawiki-1.25.2-2.fc23
2015-08-28 17:38:31
[SECURITY] Fedora 21 Update: mediawiki-1.24.3-1.fc21
2015-09-03 18:52:14
[SECURITY] Fedora 22 Update: mediawiki-1.25.2-2.fc22
2015-09-03 18:53:15
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2015-08-10 00:00:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-10-31 00:00:00