MSA-15-0007: ReDoS possible in the multimedia filter

MSA-15-0007: ReDoS possible in the multimedia filter

Marina Glancy írta időpontban
Válaszok szám: 0
Description: Not optimal regular expression in the filter could be exploited to create extra server load or make particular page unavailable
Issue summary: ReDOS in the multimedia filter
Severity/Risk: Serious
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed: 2.8.2, 2.7.4 and 2.6.7
Reported by: Nicolas Martignoni
Issue no.: MDL-48546
Workaround: Disable multimedia filter
CVE identifier: CVE-2015-0217
Changes (master):