Summary
This host is running MediaWiki and is prone to Information Disclosure Vulnerabilities.
Impact
Successful exploitation will lead to gain knowledge on sensitive directories on the remote web server via requests.
Solution
Upgrade to MediaWiki Version 1.15.4 or later.
For updates refer to http://www.mediawiki.org/wiki/Download
Insight
The flaws are due to,
- wgShowExceptionDetails variable sometimes shows the installation path of MediaWiki which can lead to expose sensitive information about the remote system.
- fails to protect against the download of backups of deleted images in images/deleted/.
Affected
MediaWiki version 1.8.1 to 1.13.3
MediaWiki version 1.11 to 1.13.3
References
Severity
Classification
-
CVE CVE-2008-5687, CVE-2008-5688 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities