Description
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
References (11)
Core References
Patch vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=620226
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/07/29/4
Patch x_refsource_confirm
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776
Issue Tracking x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=24565
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/42019
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=620224
Scores
EPSS: 0.0055
EPSS Percentile: 68.2%
Details
CWE: CWE-200
Status: published
Products (42)
mediawiki/mediawiki 1.1.0
mediawiki/mediawiki 1.2.0
mediawiki/mediawiki 1.2.1
mediawiki/mediawiki 1.2.2
mediawiki/mediawiki 1.2.3
mediawiki/mediawiki 1.2.4
mediawiki/mediawiki 1.2.5
mediawiki/mediawiki 1.2.6
mediawiki/mediawiki 1.3
mediawiki/mediawiki 1.3.0
... and 32 more
Published: Apr 27, 2011
Tracked Since: Feb 18, 2026