Improper handling of exceptional conditions in XWiki platform

#VU72780 Improper handling of exceptional conditions in XWiki platform

Published: 2023-03-06

Vulnerability identifier: #VU72780

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26479

CWE-ID: CWE-755

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
XWiki platform
Web applications / CMS

Vendor: XWiki

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of errors. A remote user can send specially crafted input and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

XWiki platform: 6.0

External links
http://jira.xwiki.org/browse/XWIKI-19838
http://github.com/xwiki/xwiki-platform/commit/e5b82cd98072464196a468b8f7fe6396dce142a7
http://github.com/xwiki/xwiki-platform/security/advisories/GHSA-52vf-hvv3-98h7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in XWiki Platform