Back to search
CVE-2010-2787
Published: Apr 27, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2011-5495
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=620226
x_refsource_CONFIRM
FEDORA-2011-5807
vendor-advisory
x_refsource_FEDORA
[oss-security] 20100729 Re: CVE request: mediawiki
mailing-list
x_refsource_MLIST
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776
x_refsource_CONFIRM
https://bugzilla.wikimedia.org/show_bug.cgi?id=24565
x_refsource_CONFIRM
FEDORA-2011-5848
vendor-advisory
x_refsource_FEDORA
[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5
mailing-list
x_refsource_MLIST
42019
vdb-entry
x_refsource_BID
FEDORA-2011-5812
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=620224
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now