CVE 2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

See the CVE page on Mitre.org for more details.