Description
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gravity Forms Infusionsoft Cross-Site Scripting (1.1.4)
WordPress Plugin BetterLinks-Shorten, Track and Manage any URL Cross-Site Scripting (1.2.5)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.27)
MySQL CVE-2012-3197 Vulnerability (CVE-2012-3197)
CakePHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3712)