CVE-2015-2937

by Fred · 13/04/2015

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.

Date published : 2015-04-13

http://www.securityfocus.com/bid/73477

https://phabricator.wikimedia.org/T71210

CVE-2015-2937

Similar

Recent Posts

Categories

CVE-2015-2937

Share this:

Similar

Recent Posts

Categories

Tags