Summary
This host is running MediaWiki and is prone to information disclosure vulnerabilities.
Impact
Successful exploitation allows an attacker to gain knowledge of sensitive directories on the remote web server via requests.
Solution
Upgrade to MediaWiki Version 1.15.4 or later.
For updates refer to http://www.mediawiki.org/wiki/Download
Insight
The flaws are due to:
- The wgShowExceptionDetails variable sometimes shows the installation path of MediaWiki, which can expose sensitive information about the remote system.
- MediaWiki fails to protect against the download of backups of deleted images in images/deleted/.
Affected
MediaWiki version 1.8.1 to 1.13.3
MediaWiki version 1.11 to 1.13.3
References
Severity
Classification
- CVE: CVE-2008-5687, CVE-2008-5688
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- AN Guestbook Local File Inclusion Vulnerability