exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2015-6728

больше 10 лет назад

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

CVSS2: 7.5

EPSS: Низкий

CVE-2015-6728

больше 10 лет назад

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

CVSS2: 7.5

EPSS: Низкий

CVE-2015-6728

больше 10 лет назад

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1. ...

CVSS2: 7.5

EPSS: Низкий

GHSA-j8wf-wp2j-cmg7

больше 3 лет назад

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2015-6728 The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.	CVSS2: 7.5	0% Низкий	больше 10 лет назад
CVE-2015-6728 The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.	CVSS2: 7.5	0% Низкий	больше 10 лет назад
CVE-2015-6728 The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1. ...	CVSS2: 7.5	0% Низкий	больше 10 лет назад
GHSA-j8wf-wp2j-cmg7 The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.		0% Низкий	больше 3 лет назад

Уязвимостей на страницу