Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1579

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1579
Last Modified 10 Sep 2012 01:02:12
Published 09 Sep 2012 05:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1579

Summary

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

Vulnerable Systems

Application

  • Mediawiki 1.17

  • Mediawiki 1.17.0

  • Mediawiki 1.17.1

  • Mediawiki 1.17.2

  • Mediawiki 1.18

  • Mediawiki 1.18.0

  • Mediawiki 1.18.1


References

CONFIRM - https://bugzilla.wikimedia.org/show_bug.cgi?id=34907

BID - 52689

MLIST - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2

MLIST - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2

SECUNIA - 48504

MLIST - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2

MLIST - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3


Last Updated: 27 May 2016 11:00:32