Lucene search

[email protected]CVE-2007-3639

HistoryJul 10, 2007 - 12:30 a.m.

CVE-2007-3639

2007-07-1000:30:00

[email protected]

web.nvd.nist.gov

wordpress

cve-2007-3639

security

vulnerability

redirection

information leakage

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.3%

JSON

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

Affected configurations

NVD

Node

wordpresswordpressRange≤2.2.1

CPENameOperatorVersion
wordpress:wordpresswordpressle2.2.1

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	2.2.1

References

osvdb.org/40802

secunia.com/advisories/30013

securityreason.com/securityalert/2869

www.debian.org/security/2008/dsa-1564

www.securityfocus.com/archive/1/472885/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35272

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2007-3639

patchstack1 ubuntucve1 prion1 cvelist1 debiancve1 nvd1 openvas2 debian1 nessus1 osv1