[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2787Date: (C)2011-04-26   (M)2023-12-22


api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-42019
FEDORA-2011-5495
FEDORA-2011-5807
FEDORA-2011-5812
FEDORA-2011-5848
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
http://openwall.com/lists/oss-security/2010/07/29/4
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776
https://bugzilla.redhat.com/show_bug.cgi?id=620224
https://bugzilla.redhat.com/show_bug.cgi?id=620226
https://bugzilla.wikimedia.org/show_bug.cgi?id=24565

CPE    94
cpe:/a:mediawiki:mediawiki:1.12.3
cpe:/a:mediawiki:mediawiki:1.4:beta4
cpe:/a:mediawiki:mediawiki:1.12.2
cpe:/a:mediawiki:mediawiki:1.4:beta3
...
CWE    1
CWE-200
OVAL    4
oval:org.secpod.oval:def:102966
oval:org.secpod.oval:def:102626
oval:org.secpod.oval:def:103028
oval:org.secpod.oval:def:102630
...

© SecPod Technologies