CVE Reference: CVE-2012-1579

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-1579

Description:
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA48504

MLIST
  http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
  http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html
  http://www.openwall.com/lists/oss-security/2012/03/22/9
  http://www.openwall.com/lists/oss-security/2012/03/24/1

CONFIRM

BID
  52689


Return to the previous page.