vulnerability
MediaWiki: Improper Access Control (CVE-2015-8627)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Mar 23, 2017 | Aug 24, 2017 | May 13, 2022 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Mar 23, 2017
Added
Aug 24, 2017
Modified
May 13, 2022
Description
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.
Solution
mediawiki-upgrade-latest
References
- CVE-2015-8627
- https://attackerkb.com/topics/CVE-2015-8627
- URL-http://www.openwall.com/lists/oss-security/2015/12/21/8
- URL-http://www.openwall.com/lists/oss-security/2015/12/23/7
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html
- URL-https://phabricator.wikimedia.org/T97897
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.