Main Vulnerability Database Vulnerabilities #VU40601

Resource management error in MediaWiki - CVE-2015-8003

Published: November 9, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40601

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-8003

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MediaWiki.org

Affected software:
MediaWiki

Detailed vulnerability description

The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

How to mitigate CVE-2015-8003

Install update from vendor's website.

Sources

http://www.securitytracker.com/id/1034028
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
https://phabricator.wikimedia.org/T91850

Resource management error in MediaWiki - CVE-2015-8003

Detailed vulnerability description

How to mitigate CVE-2015-8003

Sources

Please verify you're human