api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-04-27T00:00:00

Updated: 2024-08-07T02:46:48.599Z

Reserved: 2010-07-22T00:00:00

Link: CVE-2010-2787

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-04-27T00:55:01.677

Modified: 2024-11-21T01:17:22.637

Link: CVE-2010-2787

cve-icon Redhat

No data.