CVE-2015-2937

2015-04-1300:00:00

ubuntu.com

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

EPSS

0.036

Percentile

91.7%

JSON

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2,
when using HHVM or Zend PHP, allows remote attackers to cause a denial of
service (“quadratic blowup” and memory consumption) via an XML file
containing an entity declaration with long replacement text and many
references to this entity, a different vulnerability than CVE-2015-2942.