[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-8008

Date: (C)2018-01-02   (M)2018-01-05 


The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

CVSS Score: 9.3Access Vector:
Exploit Score: Access Complexity:
Impact Score: Authentication:
 Confidentiality:
 Integrity:
 Availability:





Reference:
SECTRACK-1034028
BID-77379
FEDORA-2015-24fe8b66c9
FEDORA-2015-97fe05f788
FEDORA-2015-ec6d598d3d
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html
http://www.openwall.com/lists/oss-security/2015/10/29/14
https://bugzilla.redhat.com/show_bug.cgi?id=1273353
https://phabricator.wikimedia.org/T103022

OVAL    3
oval:org.secpod.oval:def:109958
oval:org.secpod.oval:def:109664
oval:org.secpod.oval:def:109685

© 2013 SecPod Technologies