← volver
CVE-2014-9476

CVE-2014-9476

EPSS 2.2%
MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.htmlhttps://phabricator.wikimedia.org/T77028http://www.mandriva.com/security/advisories?name=MDVSA-2015:006http://www.openwall.com/lists/oss-security/2014/12/21/2http://www.openwall.com/lists/oss-security/2015/01/03/13