Description

api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.

Remediation

References

CVE-2010-2787

Related Vulnerabilities

WordPress Plugin Effectively Add & Customize Free Icons For WordPress Menus-WP Menu Icons Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-6970)

WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress SQL Injection (1.7.1)

Ruby on Rails Other Vulnerability (CVE-2021-22904)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-0365)

Severity

Medium

Classification

CVE-2010-2787 CWE-200

Tags

Missing Update Known Vulnerabilities