Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mercredi 10 juillet 2019

Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 API denial of service

A vulnerability was found in Wikimedia MediaWiki up to 1.27.5/1.30.1/1.31.1/1.32.1 (Content Management System) and classified as problematic. Affected by this issue is some unknown functionality of the component API. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. Impacted is availability.

The weakness was presented 07/10/2019 as mailinglist post (Bugtraq). The advisory is available at seclists.org. This vulnerability is handled as CVE-2019-12473 since 05/30/2019. The technical details are unknown and an exploit is not available.

Upgrading to version 1.27.6, 1.30.2, 1.31.2 or 1.32.2 eliminates this vulnerability.

See 137671, 137672, 137673 and 137674 for similar entries.

Product

Type

Vendor

Name

CPE 2.3

CPE 2.2

CVSSv3

VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4

VulDB Base Score: ≈3.5
VulDB Temp Score: ≈3.4
VulDB Vector: 🔒
VulDB Reliability: 🔍

CVSSv2

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍

Exploiting

Class: Denial of service (CWE-404)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligence

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍

Countermeasures

Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2

Timeline

05/30/2019 CVE assigned
07/10/2019 Advisory disclosed
07/11/2019 VulDB entry created
07/11/2019 VulDB last update

Sources

Advisory: seclists.org
Confirmation: 🔒

CVE: CVE-2019-12473 (🔒)
See also: 🔒

Entry

Created: 07/11/2019 11:14 AM
Complete: 🔍

Lien vers l'article source

Auteur: VulDB

Catégories: VulDBNombre de vues: 106

x

Événements SSI