CVE-2013-7444: Infoleak
First published: Tue Sep 01 2015(Updated: )
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki | <=1.22.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
- http://www.openwall.com/lists/oss-security/2015/08/12/6
- http://www.openwall.com/lists/oss-security/2015/08/27/6
- https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html
- https://phabricator.wikimedia.org/T48457
Frequently Asked Questions
What is the severity of CVE-2013-7444?
CVE-2013-7444 is considered a moderate severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2013-7444?
To fix CVE-2013-7444, upgrade MediaWiki to version 1.22.0 or later.
What does CVE-2013-7444 allow an attacker to do?
CVE-2013-7444 allows remote attackers to determine if an IP address is autoblocked through special page interactions.
Which versions of MediaWiki are affected by CVE-2013-7444?
MediaWiki versions prior to 1.22.0 are affected by CVE-2013-7444.
Is CVE-2013-7444 related to remote attacks?
Yes, CVE-2013-7444 facilitates remote attacks by allowing attackers to gather information about IP blocking.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.22.0