Description

MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.

Remediation

References

CVE-2015-2936

Related Vulnerabilities

WordPress Plugin Ultimate Appointment Booking & Scheduling Cross-Site Scripting (1.1.9)

WordPress Plugin Appointments Unspecified Vulnerability (2.2.2.1)

WordPress Plugin WordPress Comments Import & Export CSV Injection (2.0.4)

Ruby Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-1004)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12718)

Severity

High

Classification

CVE-2015-2936

Tags

Missing Update Known Vulnerabilities