CVE Vulnerabilities

CVE-2015-8002

Published: Nov 09, 2015 | Modified: Nov 10, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu
LOW

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

Affected Software

Name Vendor Start Version End Version
Mediawiki Mediawiki * 1.23.10 (including)
Mediawiki Mediawiki 1.24.0 (including) 1.24.0 (including)
Mediawiki Mediawiki 1.24.1 (including) 1.24.1 (including)
Mediawiki Mediawiki 1.24.2 (including) 1.24.2 (including)
Mediawiki Mediawiki 1.24.3 (including) 1.24.3 (including)
Mediawiki Mediawiki 1.25.0 (including) 1.25.0 (including)
Mediawiki Mediawiki 1.25.1 (including) 1.25.1 (including)
Mediawiki Mediawiki 1.25.2 (including) 1.25.2 (including)
Mediawiki Ubuntu artful *
Mediawiki Ubuntu precise *
Mediawiki Ubuntu trusty *
Mediawiki Ubuntu upstream *
Mediawiki Ubuntu vivid *
Mediawiki Ubuntu wily *
Mediawiki Ubuntu yakkety *
Mediawiki Ubuntu zesty *

References