CVE-2011-4361 Information

Description

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function or by (2) leveraging an extension as demonstrated by the CategoryTree ExtTab and InlineEditor extensions.

Reference

http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html http://openwall.com/lists/oss-security/2011/11/29/12 http://openwall.com/lists/oss-security/2011/11/29/6 http://www.debian.org/security/2011/dsa-2366 https://bugzilla.redhat.com/show_bug.cgi?id=758171 https://bugzilla.wikimedia.org/show_bug.cgi?id=32616