Vulnerability Name: CVE-2015-8627 (CCN-110289)
Assigned: 2015-12-23
Published: 2015-12-23
Updated: 2017-03-27
Summary: MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.

CVSS v3 Severity:
5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None
Vulnerability Type: CWE-284
Vulnerability Consequences: Bypass Security

References:
Source: MITRE; Type: CNA; CVE-2015-8627
Source: CCN; Type: oss-sec Mailing List, Wed, 23 Dec 2015 14:06:58 -0500 (EST); Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12
Source: MLIST; Type: Mailing List, Patch, Third Party Advisory; [oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12
Source: MLIST; Type: Mailing List, Patch, Third Party Advisory; [oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12
Source: XF; Type: UNKNOWN; mediawiki-cve20158627-sec-bypass(110289)
Source: MLIST; Type: Patch, Release Notes, Vendor Advisory; [MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12
Source: CONFIRM; Type: Patch, Third Party Advisory; https://phabricator.wikimedia.org/T97897
Source: CCN; Type: MediaWiki Web site; MediaWiki
Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2015-8627

Vulnerable Configuration:
Configuration 1:
cpe:/a:mediawiki:mediawiki:*:*:*:*:*:*:*:* (Version <= 1.23.11)
OR cpe:/a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*

Configuration CCN 1:
cpe:/a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.25.4:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.24.5:*:*:*:*:*:*:*
OR cpe:/a:mediawiki:mediawiki:1.23.12:*:*:*:*:*:*:*
mediawiki mediawiki *
mediawiki mediawiki 1.24.0
mediawiki mediawiki 1.24.1
mediawiki mediawiki 1.24.2
mediawiki mediawiki 1.24.3
mediawiki mediawiki 1.24.4
mediawiki mediawiki 1.25.0
mediawiki mediawiki 1.25.1
mediawiki mediawiki 1.25.2
mediawiki mediawiki 1.25.3
mediawiki mediawiki 1.26.0
mediawiki mediawiki 1.26.1
mediawiki mediawiki 1.25.4
mediawiki mediawiki 1.24.5
mediawiki mediawiki 1.23.12