CVE-2008-5687
First published: Fri Dec 19 2008(Updated: )
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki | =1.12.1 | |
| MediaWiki | =1.13.0-rc2 | |
| MediaWiki | =1.12.3 | |
| MediaWiki | =1.12.0 | |
| MediaWiki | =1.11.2 | |
| MediaWiki | =1.11-rc1 | |
| MediaWiki | =1.13.1 | |
| MediaWiki | =1.11 | |
| MediaWiki | =1.13.0 | |
| MediaWiki | =1.13.0-rc1 | |
| MediaWiki | =1.13.2 | |
| MediaWiki | =1.11.1 | |
| MediaWiki | =1.12.2 | |
| MediaWiki | =1.12.0-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
- http://secunia.com/advisories/33349
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47678
Frequently Asked Questions
What is the severity of CVE-2008-5687?
CVE-2008-5687 has a moderate severity level as it allows unauthorized access to deleted image backups.
How do I fix CVE-2008-5687?
To fix CVE-2008-5687, upgrade to MediaWiki version 1.13.3 or later.
What versions of MediaWiki are affected by CVE-2008-5687?
CVE-2008-5687 affects MediaWiki versions prior to 1.13.3, including 1.11 and 1.12.
What kind of attacks can be performed using CVE-2008-5687?
Attackers can exploit CVE-2008-5687 to download and retrieve sensitive information from deleted images.
Are there any workarounds for CVE-2008-5687?
Temporary workarounds may include restricting access to the directory where deleted images are stored.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.12.1
- version/mediawiki/1.13.0-rc2
- version/mediawiki/1.12.3
- version/mediawiki/1.12.0
- version/mediawiki/1.11.2
- version/mediawiki/1.11-rc1
- version/mediawiki/1.13.1
- version/mediawiki/1.11
- version/mediawiki/1.13.0
- version/mediawiki/1.13.0-rc1
- version/mediawiki/1.13.2
- version/mediawiki/1.11.1
- version/mediawiki/1.12.2
- version/mediawiki/1.12.0-rc1