api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2011-04-27T00:00:00
Updated: 2024-08-07T02:46:48.599Z
Reserved: 2010-07-22T00:00:00
Link: CVE-2010-2787
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-04-27T00:55:01.677
Modified: 2011-09-07T03:10:05.237
Link: CVE-2010-2787
Redhat
No data.