XWiki Multiwiki Setup Information Disclosure Vulnerability

Bugtraq ID:	25647
Class:	Design Error
CVE:	CVE-2007-4898
Remote:	Yes
Local:	No
Published:	Sep 12 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor reported this issue
Vulnerable:	XWiki XWiki 1.1 RC1 XWiki XWiki 1.1
Not Vulnerable:	XWiki XWiki 1.1 RC2

XWiki Multiwiki Setup Information Disclosure Vulnerability

XWiki is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

This issue affects versions prior XWiki 1.1 RC2.

XWiki Multiwiki Setup Information Disclosure Vulnerability

Attackers can use a browser to exploit this issue.

XWiki Multiwiki Setup Information Disclosure Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.


XWiki XWiki 1.1 RC1

• XWiki xwiki-enterprise-1.1-rc-2-hsqldb.zip
  https://forge.objectweb.org/project/download.php?group_id=170&file_id= 8918

XWiki XWiki 1.1

• XWiki xwiki-enterprise-1.1-rc-2-hsqldb.zip
  https://forge.objectweb.org/project/download.php?group_id=170&file_id= 8918

XWiki Multiwiki Setup Information Disclosure Vulnerability

References:

• Release Notes for XWiki 1.1 Release Candidate 2 (XWiki)
  
• XWiki Homepage (XWiki)