Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2014-9487

Disclosure Date: October 17, 2017
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • mediawiki

Products

  • mediawiki 1.19,
  • mediawiki 1.19.0,
  • mediawiki 1.19.1,
  • mediawiki 1.19.10,
  • mediawiki 1.19.11,
  • mediawiki 1.19.12,
  • mediawiki 1.19.13,
  • mediawiki 1.19.14,
  • mediawiki 1.19.15,
  • mediawiki 1.19.16,
  • mediawiki 1.19.17,
  • mediawiki 1.19.18,
  • mediawiki 1.19.19,
  • mediawiki 1.19.2,
  • mediawiki 1.19.20,
  • mediawiki 1.19.21,
  • mediawiki 1.19.22,
  • mediawiki 1.19.3,
  • mediawiki 1.19.4,
  • mediawiki 1.19.5,
  • mediawiki 1.19.6,
  • mediawiki 1.19.7,
  • mediawiki 1.19.8,
  • mediawiki 1.19.9,
  • mediawiki 1.22.0,
  • mediawiki 1.22.1,
  • mediawiki 1.22.10,
  • mediawiki 1.22.11,
  • mediawiki 1.22.12,
  • mediawiki 1.22.13,
  • mediawiki 1.22.14,
  • mediawiki 1.22.2,
  • mediawiki 1.22.3,
  • mediawiki 1.22.4,
  • mediawiki 1.22.5,
  • mediawiki 1.22.6,
  • mediawiki 1.22.7,
  • mediawiki 1.22.8,
  • mediawiki 1.22.9,
  • mediawiki 1.23.0,
  • mediawiki 1.23.1,
  • mediawiki 1.23.2,
  • mediawiki 1.23.3,
  • mediawiki 1.23.4,
  • mediawiki 1.23.5,
  • mediawiki 1.23.6,
  • mediawiki 1.23.7,
  • mediawiki 1.24.0
Technical Analysis