CVE-2015-6736 - Code vulnerability in Quiz Project Quiz

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, quiz-project, CWE-17, nessus

Summary

The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.

Vulnerable Configurations

Part | Description | Count
Application | Quiz_Project | 1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-13920.NASL
    description: - (T94116) SECURITY: Compare API watchlist token in constant time * (T97391) SECURITY: Escape error message strings in thumb.php * (T106893) SECURITY: Don
    last seen: 2020-06-05
    modified: 2015-08-31
    plugin id: 85698
    published: 2015-08-31
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85698
    title: Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201510-05.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201510-05 (MediaWiki: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact: A remote attacker may be able to create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86690
    published: 2015-11-02
    reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86690
    title: GLSA-201510-05 : MediaWiki: Multiple vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_6241B5DF42A111E593AD002590263BF5.NASL
    description: MediaWiki reports: Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that watchlist anti-csrf tokens were not being compared in constant time, which could allow various timing attacks. This could allow an attacker to modify a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85428
    published: 2015-08-17
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85428
    title: FreeBSD : mediawiki -- multiple vulnerabilities (6241b5df-42a1-11e5-93ad-002590263bf5)