Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close


Published: 23 May 2011

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.




Package Release Status
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Ignored
(end of life)
lucid Ignored
(end of life)
maverick Ignored
(end of life)
natty Ignored
(end of life)
oneiric Ignored
(end of life)
precise Ignored
(end of life)
quantal Not vulnerable
raring Not vulnerable
saucy Not vulnerable
trusty Does not exist
(trusty was not-affected [1:1.19.2-1])
Released (1.16.5)
utopic Not vulnerable
vivid Not vulnerable
wily Not vulnerable
xenial Does not exist

yakkety Not vulnerable

zesty Not vulnerable