Vulnerability Description
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | 1.11 |
Related Weaknesses (CWE)
References
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.htm
- http://secunia.com/advisories/33349Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47678
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.h
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.h
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.htm
- http://secunia.com/advisories/33349Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47678
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.h
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.h
FAQ
What is CVE-2008-5687?
CVE-2008-5687 is a vulnerability with a CVSS score of 5.0 (MEDIUM). MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via re...
How severe is CVE-2008-5687?
CVE-2008-5687 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5687?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.