OVAL Reference oval:com.ubuntu.precise:def:20158623000

Oval Definition:

oval:com.ubuntu.precise:def:20158623000

Revision Date:	2017-03-23	Version:	1
Title:	CVE-2015-8623 on Ubuntu 12.04 LTS (precise) - medium.
Description:	The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2015-8623
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND The 'mediawiki' package in precise is affected and needs fixing.