fkie_cve-2008-5688
Vulnerability from fkie_nvd
Published
2008-12-19 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mediawiki | mediawiki | 1.8.1 | |
| mediawiki | mediawiki | 1.8.2 | |
| mediawiki | mediawiki | 1.8.3 | |
| mediawiki | mediawiki | 1.8.4 | |
| mediawiki | mediawiki | 1.8.5 | |
| mediawiki | mediawiki | 1.9.0 | |
| mediawiki | mediawiki | 1.9.1 | |
| mediawiki | mediawiki | 1.9.2 | |
| mediawiki | mediawiki | 1.9.3 | |
| mediawiki | mediawiki | 1.9.4 | |
| mediawiki | mediawiki | 1.9.5 | |
| mediawiki | mediawiki | 1.9.6 | |
| mediawiki | mediawiki | 1.10.0 | |
| mediawiki | mediawiki | 1.10.0 | |
| mediawiki | mediawiki | 1.10.0 | |
| mediawiki | mediawiki | 1.10.1 | |
| mediawiki | mediawiki | 1.10.2 | |
| mediawiki | mediawiki | 1.10.3 | |
| mediawiki | mediawiki | 1.10.4 | |
| mediawiki | mediawiki | 1.11 | |
| mediawiki | mediawiki | 1.11 | |
| mediawiki | mediawiki | 1.11.1 | |
| mediawiki | mediawiki | 1.11.2 | |
| mediawiki | mediawiki | 1.12.0 | |
| mediawiki | mediawiki | 1.12.0 | |
| mediawiki | mediawiki | 1.12.1 | |
| mediawiki | mediawiki | 1.12.2 | |
| mediawiki | mediawiki | 1.12.3 | |
| mediawiki | mediawiki | 1.13.0 | |
| mediawiki | mediawiki | 1.13.0 | |
| mediawiki | mediawiki | 1.13.0 | |
| mediawiki | mediawiki | 1.13.1 | |
| mediawiki | mediawiki | 1.13.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception."
},
{
"lang": "es",
"value": "MediaWiki versi\u00f3n 1.8.1, y otras versiones anteriores a 1.13.3, cuando la variable wgShowExceptionDetails est\u00e1 habilitada, a veces proporciona el path de instalaci\u00f3n completa en un mensaje de depuraci\u00f3n, lo que podr\u00eda permitir a los atacantes remotos conseguir informaci\u00f3n confidencial por medio de peticiones no especificadas que desencadenan una excepci\u00f3n no detectada."
}
],
"id": "CVE-2008-5688",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-19T17:30:03.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33349"
},
{
"source": "cve@mitre.org",
"url": "http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…