CVE-2015-8002: MediaWiki vulnerability

CWE-399 | 7 documents | 5 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 0.5% (top 33.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 9, latest update May 17

Description

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 8.0 | Impact: 6.9

Affected Packages (3 packages)

debian | debian/mediawiki | < mediawiki 1:1.25.5-1 (bookworm)
Debian | mediawiki/mediawiki | < 1:1.25.5-1 (+3)
NVD | mediawiki/mediawiki | 1.23.10 (+7)

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-pgp4-g94c-393r: The chunked upload API (ApiUpload) in MediaWiki before 1 | 2022-05-17
OSV | CVE-2015-8002: The chunked upload API (ApiUpload) in MediaWiki before 1 | 2015-11-09

📋 Vendor Advisories (1)

Debian | CVE-2015-8002: mediawiki - The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.... | 2015

💬 Community (3)

Bugzilla | CVE-2015-8001 CVE-2015-8002 CVE-2015-8003 CVE-2015-8004 CVE-2015-8005 CVE-2015-8006 CVE-2015-8007 CVE-2015-8008 CVE-2015-8009 mediawiki: multiple flaws fixed in 1.25.3, 1.24.4, and 1.23.11 [fedora-all | 2015-10-20
Bugzilla | CVE-2015-8001 CVE-2015-8002 CVE-2015-8003 CVE-2015-8004 CVE-2015-8005 CVE-2015-8006 CVE-2015-8007 CVE-2015-8008 CVE-2015-8009 mediawiki: multiple flaws fixed in 1.25.3, 1.24.4, and 1.23.11 [epel-all] | 2015-10-20
Bugzilla | CVE-2015-8001 CVE-2015-8002 CVE-2015-8003 CVE-2015-8004 CVE-2015-8005 CVE-2015-8006 CVE-2015-8007 CVE-2015-8008 CVE-2015-8009 mediawiki: multiple flaws fixed in 1.25.3, 1.24.4, and 1.23.11 | 2015-10-20
CVE-2015-8002 — Debian Mediawiki vulnerability | cvebase