Description
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.
Remediation
References
Related Vulnerabilities
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)
Moodle Configuration Vulnerability (CVE-2011-4585)
Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)
Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6562)
PHP Resource Management Errors Vulnerability (CVE-2011-1468)