CVE-2015-8003 - OpenCVE

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mediawiki	Mediawiki

Configuration 1 [-]

OR	cpe:2.3:a:mediawiki:mediawiki::::::::
	cpe:2.3:a:mediawiki:mediawiki:1.24.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.3:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.2:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1034028
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch Vendor Advisory
https://phabricator.wikimedia.org/T91850	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-09T18:00:00

Updated: 2015-11-09T17:57:01

Reserved: 2015-10-28T00:00:00

Link: CVE-2015-8003

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-11-09T18:59:02.727

Modified: 2015-11-10T17:53:45.350

Link: CVE-2015-8003

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-11-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1034028", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034028"}, {"name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://phabricator.wikimedia.org/T91850"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1034028", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034028"}, {"name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11", "refsource": "MLIST", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"}, {"name": "https://phabricator.wikimedia.org/T91850", "refsource": "CONFIRM", "url": "https://phabricator.wikimedia.org/T91850"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8003", "datePublished": "2015-11-09T18:00:00", "dateReserved": "2015-10-28T00:00:00", "dateUpdated": "2015-11-09T17:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1", "versionEndIncluding": "1.23.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*", "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads."}, {"lang": "es", "value": "MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 no regula la subida de archivos, lo que permite a usuarios remotos autenticados tener un impacto no especificado a trav\u00e9s de m\u00faltiples subidas de archivos."}], "id": "CVE-2015-8003", "lastModified": "2015-11-10T17:53:45.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-09T18:59:02.727", "references": [{"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034028"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://phabricator.wikimedia.org/T91850"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}