Main Vulnerability Database Vulnerabilities #VU40602

Resource management error in MediaWiki - CVE-2015-8002

Published: November 9, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40602

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-8002

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MediaWiki.org

Affected software:
MediaWiki

Detailed vulnerability description

The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

How to mitigate CVE-2015-8002

Install update from vendor's website.

Sources

http://www.securitytracker.com/id/1034028
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
https://phabricator.wikimedia.org/T91205

Resource management error in MediaWiki - CVE-2015-8002

Detailed vulnerability description

How to mitigate CVE-2015-8002

Sources

Please verify you're human