Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2010-2787 | First vendor Publication | 2011-04-26 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | | | |
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2787 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-09 (MediaWiki) File : nvt/glsa_201206_09.nasl |
2011-05-05 | Name : Fedora Update for mediawiki FEDORA-2011-5807 File : nvt/gb_fedora_2011_5807_mediawiki_fc13.nasl |
2011-05-05 | Name : Fedora Update for mediawiki FEDORA-2011-5812 File : nvt/gb_fedora_2011_5812_mediawiki_fc14.nasl |
2010-08-02 | Name : MediaWiki 'api.php' Information Disclosure Vulnerability File : nvt/gb_MediaWiki_42019.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66651 | MediaWiki api.php Cache-Control HTTP Header Information Disclosure MediaWiki contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an API operation is requested from 'api.php' via URL or POST parameters, causing the response to contain 'public' cache control headers, which will disclose data to a remote attacker using the same caching HTTP proxy or a local attacker. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-06-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-09.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5807.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5812.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5848.nasl - Type : ACT_GATHER_INFO |
2011-04-22 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5495.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-11-28 23:05:25 | |
2024-11-28 12:22:29 | |
2021-05-04 12:11:52 | |
2021-04-22 01:12:26 | |
2020-05-24 01:06:41 | |
2020-05-23 01:42:23 | |
2020-05-23 00:26:09 | |
2018-10-23 12:02:49 | |
2016-04-26 19:58:33 | |
2014-02-17 10:56:34 | |
2013-05-10 23:29:21 | |