[Bug 228763] New: CVE-2007-0894: mediawiki full path disclosure
bugzilla at redhat.com
bugzilla at redhat.com
Wed Feb 14 20:50:26 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228763
Summary: CVE-2007-0894: mediawiki full path disclosure
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: normal
Component: mediawiki
AssignedTo: Axel.Thimm at ATrpms.net
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-
list at redhat.com,fedora at theholbrooks.org,roozbeh at farsiweb
.info
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0894
"MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information
via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3)
MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the
installation path in the resulting error message."
1.8.3 (current FE6) in the CVE entry is not listed as vulnerable, don't know if
the omission is intentional. And whether installation path disclosure is an
issue with Fedora packages can also be debated, reporting here just in case
there's more to it.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-security-list
mailing list