Description

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

Remediation

References

CVE-2015-8002

Related Vulnerabilities

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3583)

WebLogic CVE-2020-2869 Vulnerability (CVE-2020-2869)

PHP Other Vulnerability (CVE-1999-0058)

Oracle Database Server Other Vulnerability (CVE-2005-3446)

Oracle JRE CVE-2013-2434 Vulnerability (CVE-2013-2434)

Severity

Medium

Classification

CVE-2015-8002

Tags

Missing Update Known Vulnerabilities