FreeBSD Ports: wordpress, de-wordpress

2008-09-17T00:00:00

Description

The remote host is missing an update to the system as announced in the referenced advisory.

{"id": "OPENVAS:61620", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: wordpress, de-wordpress", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-17T00:00:00", "modified": "2016-10-04T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=61620", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-4106"], "lastseen": "2017-07-02T21:10:14", "viewCount": 3, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4106"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1871-1:82465", "DEBIAN:DSA-1871-2:31819"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-4106"]}, {"type": "nessus", "idList": ["4648.PRM", "DEBIAN_DSA-1871.NASL", "FEDORA_2008-7760.NASL", "FEDORA_2008-7902.NASL", "FREEBSD_PKG_884FCED77F1C11DDA66A0019666436C2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064754", "OPENVAS:136141256231064759", "OPENVAS:64754", "OPENVAS:64759", "OPENVAS:860233", "OPENVAS:860647"]}, {"type": "osv", "idList": ["OSV:DSA-1871-1", "OSV:DSA-1871-2"]}, {"type": "patchstack", "idList": ["PATCHSTACK:DAAF66A7B8424DB4E69ED068D85CF92C"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-4106"]}]}, "backreferences": {"references": [{"type": "canvas", "idList": ["MU"]}, {"type": "cve", "idList": ["CVE-2008-4106"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-4106"]}, {"type": "freebsd", "idList": ["884FCED7-7F1C-11DD-A66A-0019666436C2"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1871.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:860233"]}]}, "exploitation": null, "vulnersScore": -0.2}, "pluginID": "61620", "sourceData": "#\n#VID 884fced7-7f1c-11dd-a66a-0019666436c2\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 884fced7-7f1c-11dd-a66a-0019666436c2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n wordpress\n de-wordpress\n wordpress-mu\n zh-wordpress\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://wordpress.org/development/2008/09/wordpress-262/\nhttp://www.vuxml.org/freebsd/884fced7-7f1c-11dd-a66a-0019666436c2.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(61620);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-17 04:23:15 +0200 (Wed, 17 Sep 2008)\");\n script_cve_id(\"CVE-2008-4106\");\n script_bugtraq_id(31068);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: wordpress, de-wordpress\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"wordpress\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.2\")<0) {\n txt += 'Package wordpress version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-wordpress\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.2\")<0) {\n txt += 'Package de-wordpress version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wordpress-mu\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package wordpress-mu version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zh-wordpress\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package zh-wordpress version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1660007784}, "_internal": {"score_hash": "0630e7eab582372ebf614fd82286e175"}}

{"patchstack": [{"lastseen": "2022-06-01T19:53:34", "description": "The attackers can change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a \"SQL column truncation vulnerability.\", because this WordPress does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames.\n\n## Solution\n\n\r\n Update WordPress. \r\n ", "cvss3": {}, "published": "2008-09-15T00:00:00", "type": "patchstack", "title": "WordPress <= 2.6.1 - SQL Truncation Vulnerability #2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106"], "modified": "2008-09-15T00:00:00", "id": "PATCHSTACK:DAAF66A7B8424DB4E69ED068D85CF92C", "href": "https://patchstack.com/database/vulnerability/wordpress/wordpress-2-6-1-sql-truncation-2", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:41:10", "description": "http://wordpress.org/development/2008/09/wordpress-262/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-09-12T00:00:00", "type": "nessus", "title": "Fedora 8 : wordpress-2.6.2-1.fc8 (2008-7760)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106", "CVE-2008-4107"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-7760.NASL", "href": "https://www.tenable.com/plugins/nessus/34173", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7760.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34173);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-4106\", \"CVE-2008-4107\");\n script_bugtraq_id(31068, 31115);\n script_xref(name:\"FEDORA\", value:\"2008-7760\");\n\n script_name(english:\"Fedora 8 : wordpress-2.6.2-1.fc8 (2008-7760)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://wordpress.org/development/2008/09/wordpress-262/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://wordpress.org/development/2008/09/wordpress-262/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2008/09/wordpress-262/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c505827\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"wordpress-2.6.2-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:23", "description": "The Wordpress development team reports :\n\nWith open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.", "cvss3": {}, "published": "2008-09-10T00:00:00", "type": "nessus", "title": "FreeBSD : wordpress -- remote privilege escalation (884fced7-7f1c-11dd-a66a-0019666436c2)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106", "CVE-2008-4107"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:de-wordpress", "p-cpe:/a:freebsd:freebsd:wordpress", "p-cpe:/a:freebsd:freebsd:wordpress-mu", "p-cpe:/a:freebsd:freebsd:zh-wordpress", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_884FCED77F1C11DDA66A0019666436C2.NASL", "href": "https://www.tenable.com/plugins/nessus/34152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34152);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-4106\", \"CVE-2008-4107\");\n script_bugtraq_id(31068);\n\n script_name(english:\"FreeBSD : wordpress -- remote privilege escalation (884fced7-7f1c-11dd-a66a-0019666436c2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Wordpress development team reports :\n\nWith open registration enabled, it is possible in WordPress versions\n2.6.1 and earlier to craft a username such that it will allow\nresetting another users password to a randomly generated password. The\nrandomly generated password is not disclosed to the attacker, so this\nproblem by itself is annoying but not a security exploit. However,\nthis attack coupled with a weakness in the random number seeding in\nmt_rand() could be used to predict the randomly generated password.\"\n );\n # http://wordpress.org/development/2008/09/wordpress-262/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2008/09/wordpress-262/\"\n );\n # https://vuxml.freebsd.org/freebsd/884fced7-7f1c-11dd-a66a-0019666436c2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab8080b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wordpress-mu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wordpress<2.6.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-wordpress<2.6.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wordpress-mu<2.6.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:00", "description": "The version of WordPress installed on the remote host is vulnerable to a flaw that would allow any user to reset the password of any other user account. After resetting the password, the newly reset password would be sent to the email address linked to the account. ", "cvss3": {}, "published": "2008-09-09T00:00:00", "type": "nessus", "title": "WordPress < 2.6.2 Administrative Password Reset", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106", "CVE-2008-4107"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "4648.PRM", "href": "https://www.tenable.com/plugins/nnm/4648", "sourceData": "Binary data 4648.prm", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:36", "description": "http://wordpress.org/development/2008/09/wordpress-262/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-09-12T00:00:00", "type": "nessus", "title": "Fedora 9 : wordpress-2.6.2-1.fc9 (2008-7902)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106", "CVE-2008-4107"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-7902.NASL", "href": "https://www.tenable.com/plugins/nessus/34181", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7902.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34181);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-4106\", \"CVE-2008-4107\");\n script_bugtraq_id(31068, 31115);\n script_xref(name:\"FEDORA\", value:\"2008-7902\");\n\n script_name(english:\"Fedora 9 : wordpress-2.6.2-1.fc9 (2008-7902)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://wordpress.org/development/2008/09/wordpress-262/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://wordpress.org/development/2008/09/wordpress-262/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2008/09/wordpress-262/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014160.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec2c0b2d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"wordpress-2.6.2-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:01:22", "description": "Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-6762 It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks.\n\n - CVE-2008-6767 It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack.\n\n - CVE-2009-2334 It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information.\n\n - CVE-2009-2854 It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions.\n\n - CVE-2009-2851 It was discovered that the administrator interface is prone to a cross-site scripting attack.\n\n - CVE-2009-2853 It was discovered that remote attackers can gain privileges via certain direct requests.\n\n - CVE-2008-1502 It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks.\n\n - CVE-2008-4106 It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user.\n\n - CVE-2008-4769 It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code.\n\n - CVE-2008-4796 It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs.\n\n - CVE-2008-5113 It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies.", "cvss3": {}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1871-1 : wordpress - several vulnerabilities ", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1502", "CVE-2008-4106", "CVE-2008-4769", "CVE-2008-4796", "CVE-2008-5113", "CVE-2008-6762", "CVE-2008-6767", "CVE-2009-2334", "CVE-2009-2851", "CVE-2009-2853", "CVE-2009-2854"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wordpress", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1871.NASL", "href": "https://www.tenable.com/plugins/nessus/44736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1871. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44736);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1502\", \"CVE-2008-4106\", \"CVE-2008-4769\", \"CVE-2008-4796\", \"CVE-2008-5113\", \"CVE-2008-6762\", \"CVE-2008-6767\", \"CVE-2009-2334\", \"CVE-2009-2851\", \"CVE-2009-2853\", \"CVE-2009-2854\");\n script_bugtraq_id(28599, 31068, 31887, 35584, 35935);\n script_xref(name:\"DSA\", value:\"1871\");\n\n script_name(english:\"Debian DSA-1871-1 : wordpress - several vulnerabilities \");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2008-6762\n It was discovered that wordpress is prone to an open\n redirect vulnerability which allows remote attackers to\n conduct phishing attacks.\n\n - CVE-2008-6767\n It was discovered that remote attackers had the ability\n to trigger an application upgrade, which could lead to a\n denial of service attack.\n\n - CVE-2009-2334\n It was discovered that wordpress lacks authentication\n checks in the plugin configuration, which might leak\n sensitive information.\n\n - CVE-2009-2854\n It was discovered that wordpress lacks authentication\n checks in various actions, thus allowing remote\n attackers to produce unauthorised edits or additions.\n\n - CVE-2009-2851\n It was discovered that the administrator interface is\n prone to a cross-site scripting attack.\n\n - CVE-2009-2853\n It was discovered that remote attackers can gain\n privileges via certain direct requests.\n\n - CVE-2008-1502\n It was discovered that the _bad_protocol_once function\n in KSES, as used by wordpress, allows remote attackers\n to perform cross-site scripting attacks.\n\n - CVE-2008-4106\n It was discovered that wordpress lacks certain checks\n around user information, which could be used by\n attackers to change the password of a user.\n\n - CVE-2008-4769\n It was discovered that the get_category_template\n function is prone to a directory traversal\n vulnerability, which could lead to the execution of\n arbitrary code.\n\n - CVE-2008-4796\n It was discovered that the _httpsrequest function in the\n embedded snoopy version is prone to the execution of\n arbitrary commands via shell metacharacters in https\n URLs.\n\n - CVE-2008-5113\n It was discovered that wordpress relies on the REQUEST\n superglobal array in certain dangerous situations, which\n makes it easier to perform attacks via crafted cookies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-6762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-6767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1871\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 2.0.10-1etch4.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Moodle <= 1.8.4 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 59, 79, 94, 264, 287, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"wordpress\", reference:\"2.5.1-11+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-12-17T15:21:58", "description": "WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a \"SQL column truncation vulnerability.\" NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.", "cvss3": {}, "published": "2008-09-18T17:59:00", "type": "debiancve", "title": "CVE-2008-4106", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106", "CVE-2008-4107"], "modified": "2008-09-18T17:59:00", "id": "DEBIANCVE:CVE-2008-4106", "href": "https://security-tracker.debian.org/tracker/CVE-2008-4106", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:57:05", "description": "Check for the Version of wordpress", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2008-7760", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4107", "CVE-2008-4106"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860647", "href": "http://plugins.openvas.org/nasl.php?oid=860647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2008-7760\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"wordpress on Fedora 8\";\ntag_insight = \"Wordpress is an online publishing / weblog package that makes it very easy,\n almost trivial, to get information out to people on the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html\");\n script_id(860647);\n script_cve_id(\"CVE-2008-4106\",\"CVE-2008-4107\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:03:12 +0100 (Tue, 17 Feb 2009)\");\n script_xref(name: \"FEDORA\", value: \"2008-7760\");\n script_name( \"Fedora Update for wordpress FEDORA-2008-7760\");\n\n script_summary(\"Check for the Version of wordpress\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~2.6.2~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:08", "description": "Check for the Version of wordpress", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2008-7902", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4107", "CVE-2008-4106"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860233", "href": "http://plugins.openvas.org/nasl.php?oid=860233", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2008-7902\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"wordpress on Fedora 9\";\ntag_insight = \"Wordpress is an online publishing / weblog package that makes it very easy,\n almost trivial, to get information out to people on the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html\");\n script_id(860233);\n script_cve_id(\"CVE-2008-4106\",\"CVE-2008-4107\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:03:12 +0100 (Tue, 17 Feb 2009)\");\n script_xref(name: \"FEDORA\", value: \"2008-7902\");\n script_name( \"Fedora Update for wordpress FEDORA-2008-7902\");\n\n script_summary(\"Check for the Version of wordpress\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~2.6.2~1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:06", "description": "The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-2.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1871-2 (wordpress)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4769", "CVE-2009-2851", "CVE-2009-2334", "CVE-2008-6762", "CVE-2008-6767", "CVE-2008-4796", "CVE-2008-4106", "CVE-2009-2853", "CVE-2008-5113", "CVE-2008-1502", "CVE-2009-2854"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64759", "href": "http://plugins.openvas.org/nasl.php?oid=64759", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1871_2.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1871-2 (wordpress)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The previous wordpress update introduced a regression when fixing\nCVE-2008-4769 due to a function that was not backported with the patch.\nPlease note that this regression only affects the oldstable distribution\n(etch). For reference the original advisory text follows.\n\n\nSeveral vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-6762\n\nIt was discovered that wordpress is prone to an open redirect\nvulnerability which allows remote attackers to conduct phishing atacks.\n\nCVE-2008-6767\n\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.\n\nCVE-2009-2334\n\nIt was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.\n\nCVE-2009-2854\n\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.\n\nCVE-2009-2851\n\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack.\n\nCVE-2009-2853\n\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests.\n\nCVE-2008-1502\n\nIt was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.\n\nCVE-2008-4106\n\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.\n\nCVE-2008-4769\n\nIt was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.\n\nCVE-2008-4796\n\nIt was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.\n\nCVE-2008-5113\n\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch5.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.\n\n\nWe recommend that you upgrade your wordpress packages.\";\ntag_summary = \"The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201871-2\";\n\n\nif(description)\n{\n script_id(64759);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2008-6762\", \"CVE-2008-6767\", \"CVE-2009-2334\", \"CVE-2009-2854\", \"CVE-2009-2851\", \"CVE-2009-2853\", \"CVE-2008-1502\", \"CVE-2008-4106\", \"CVE-2008-4769\", \"CVE-2008-4796\", \"CVE-2008-5113\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1871-2 (wordpress)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.0.10-1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:29", "description": "The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-1.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1871-1 (wordpress)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4769", "CVE-2009-2851", "CVE-2009-2334", "CVE-2008-6762", "CVE-2008-6767", "CVE-2008-4796", "CVE-2008-4106", "CVE-2009-2853", "CVE-2008-5113", "CVE-2008-1502", "CVE-2009-2854"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064754", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064754", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1871_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1871-1 (wordpress)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-6762\n\nIt was discovered that wordpress is prone to an open redirect\nvulnerability which allows remote attackers to conduct phishing atacks.\n\nCVE-2008-6767\n\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.\n\nCVE-2009-2334\n\nIt was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.\n\nCVE-2009-2854\n\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.\n\nCVE-2009-2851\n\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack.\n\nCVE-2009-2853\n\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests.\n\nCVE-2008-1502\n\nIt was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.\n\nCVE-2008-4106\n\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.\n\nCVE-2008-4769\n\nIt was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.\n\nCVE-2008-4796\n\nIt was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.\n\nCVE-2008-5113\n\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch4.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.\n\n\nWe recommend that you upgrade your wordpress packages.\";\ntag_summary = \"The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201871-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64754\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2008-6762\", \"CVE-2008-6767\", \"CVE-2009-2334\", \"CVE-2009-2854\", \"CVE-2009-2851\", \"CVE-2009-2853\", \"CVE-2008-1502\", \"CVE-2008-4106\", \"CVE-2008-4769\", \"CVE-2008-4796\", \"CVE-2008-5113\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1871-1 (wordpress)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.0.10-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.5.1-11+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:26", "description": "The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-2.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1871-2 (wordpress)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4769", "CVE-2009-2851", "CVE-2009-2334", "CVE-2008-6762", "CVE-2008-6767", "CVE-2008-4796", "CVE-2008-4106", "CVE-2009-2853", "CVE-2008-5113", "CVE-2008-1502", "CVE-2009-2854"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064759", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064759", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1871_2.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1871-2 (wordpress)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The previous wordpress update introduced a regression when fixing\nCVE-2008-4769 due to a function that was not backported with the patch.\nPlease note that this regression only affects the oldstable distribution\n(etch). For reference the original advisory text follows.\n\n\nSeveral vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-6762\n\nIt was discovered that wordpress is prone to an open redirect\nvulnerability which allows remote attackers to conduct phishing atacks.\n\nCVE-2008-6767\n\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.\n\nCVE-2009-2334\n\nIt was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.\n\nCVE-2009-2854\n\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.\n\nCVE-2009-2851\n\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack.\n\nCVE-2009-2853\n\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests.\n\nCVE-2008-1502\n\nIt was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.\n\nCVE-2008-4106\n\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.\n\nCVE-2008-4769\n\nIt was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.\n\nCVE-2008-4796\n\nIt was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.\n\nCVE-2008-5113\n\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch5.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.\n\n\nWe recommend that you upgrade your wordpress packages.\";\ntag_summary = \"The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201871-2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64759\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2008-6762\", \"CVE-2008-6767\", \"CVE-2009-2334\", \"CVE-2009-2854\", \"CVE-2009-2851\", \"CVE-2009-2853\", \"CVE-2008-1502\", \"CVE-2008-4106\", \"CVE-2008-4769\", \"CVE-2008-4796\", \"CVE-2008-5113\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1871-2 (wordpress)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.0.10-1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:50", "description": "The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-1.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1871-1 (wordpress)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4769", "CVE-2009-2851", "CVE-2009-2334", "CVE-2008-6762", "CVE-2008-6767", "CVE-2008-4796", "CVE-2008-4106", "CVE-2009-2853", "CVE-2008-5113", "CVE-2008-1502", "CVE-2009-2854"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64754", "href": "http://plugins.openvas.org/nasl.php?oid=64754", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1871_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1871-1 (wordpress)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-6762\n\nIt was discovered that wordpress is prone to an open redirect\nvulnerability which allows remote attackers to conduct phishing atacks.\n\nCVE-2008-6767\n\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.\n\nCVE-2009-2334\n\nIt was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.\n\nCVE-2009-2854\n\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.\n\nCVE-2009-2851\n\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack.\n\nCVE-2009-2853\n\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests.\n\nCVE-2008-1502\n\nIt was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.\n\nCVE-2008-4106\n\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.\n\nCVE-2008-4769\n\nIt was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.\n\nCVE-2008-4796\n\nIt was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.\n\nCVE-2008-5113\n\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch4.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.\n\n\nWe recommend that you upgrade your wordpress packages.\";\ntag_summary = \"The remote host is missing an update to wordpress\nannounced via advisory DSA 1871-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201871-1\";\n\n\nif(description)\n{\n script_id(64754);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2008-6762\", \"CVE-2008-6767\", \"CVE-2009-2334\", \"CVE-2009-2854\", \"CVE-2009-2851\", \"CVE-2009-2853\", \"CVE-2008-1502\", \"CVE-2008-4106\", \"CVE-2008-4769\", \"CVE-2008-4796\", \"CVE-2008-5113\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1871-1 (wordpress)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.0.10-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.5.1-11+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T12:51:10", "description": "WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a \"SQL column truncation vulnerability.\" NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.", "cvss3": {}, "published": "2008-09-18T17:59:00", "type": "cve", "title": "CVE-2008-4106", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106", "CVE-2008-4107"], "modified": "2018-10-11T20:50:00", "cpe": ["cpe:/a:wordpress:wordpress:2.6.1", "cpe:/a:wordpress:wordpress:2.6", "cpe:/a:wordpress:wordpress:1.5.1.2", "cpe:/a:wordpress:wordpress:1.5.1.1", "cpe:/a:wordpress:wordpress:2.5", "cpe:/a:wordpress:wordpress:1.5.2", "cpe:/a:wordpress:wordpress:2.0.10", "cpe:/a:wordpress:wordpress:2.1.3", "cpe:/a:wordpress:wordpress:2.0.9", "cpe:/a:wordpress:wordpress:2.2.2", "cpe:/a:wordpress:wordpress:2.0.5", "cpe:/a:wordpress:wordpress:1.5.1.3", "cpe:/a:wordpress:wordpress:2.0.6", "cpe:/a:wordpress:wordpress:1.2.1", "cpe:/a:wordpress:wordpress:2.0.1", "cpe:/a:wordpress:wordpress:2.0.7", "cpe:/a:wordpress:wordpress:1.2-delta", "cpe:/a:wordpress:wordpress:2.0.4", "cpe:/a:wordpress:wordpress:1.2-mingus", "cpe:/a:wordpress:wordpress:2.1", "cpe:/a:wordpress:wordpress:2.5.1", "cpe:/a:wordpress:wordpress:1.0-platinum", "cpe:/a:wordpress:wordpress:2.1.1", "cpe:/a:wordpress:wordpress:1.2.2", "cpe:/a:wordpress:wordpress:2.0.11", "cpe:/a:wordpress:wordpress:2.2", "cpe:/a:wordpress:wordpress:2.1.2", "cpe:/a:wordpress:wordpress:1.0.2-blakey", "cpe:/a:wordpress:wordpress:2.2.1", "cpe:/a:wordpress:wordpress:1.5-strayhorn", "cpe:/a:wordpress:wordpress:2.2.3", "cpe:/a:wordpress:wordpress:2.0", "cpe:/a:wordpress:wordpress:0.71-gold", "cpe:/a:wordpress:wordpress:1.0.1-miles"], "id": "CVE-2008-4106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4106", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T14:41:41", "description": "WordPress before 2.6.2 does not properly handle MySQL warnings about\ninsertion of username strings that exceed the maximum column width of the\nuser_login column, and does not properly handle space characters when\ncomparing usernames, which allows remote attackers to change an arbitrary\nuser's password to a random value by registering a similar username and\nthen requesting a password reset, related to a \"SQL column truncation\nvulnerability.\" NOTE: the attacker can discover the random password by also\nexploiting CVE-2008-4107.", "cvss3": {}, "published": "2008-09-18T00:00:00", "type": "ubuntucve", "title": "CVE-2008-4106", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4106", "CVE-2008-4107"], "modified": "2008-09-18T00:00:00", "id": "UB:CVE-2008-4106", "href": "https://ubuntu.com/security/CVE-2008-4106", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T00:58:20", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1871-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nAugust 23, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : wordpress \nVulnerability : several vulnerabilities \nProblem type : remote \nDebian-specific: no \nCVE IDs : CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2854\n CVE-2009-2851 CVE-2009-2853 CVE-2008-1502 CVE-2008-4106\n CVE-2008-4769 CVE-2008-4796 CVE-2008-5113 \nDebian Bugs : 531736 536724 504243 500115 504234 504771 \n\n\nSeveral vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems: \n\nCVE-2008-6762\n\nIt was discovered that wordpress is prone to an open redirect \nvulnerability which allows remote attackers to conduct phishing atacks.\n\nCVE-2008-6767\n\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack. \n\nCVE-2009-2334\n\nIt was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information. \n\nCVE-2009-2854\n\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions. \n\nCVE-2009-2851\n\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack. \n\nCVE-2009-2853\n\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests. \n\nCVE-2008-1502\n\nIt was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.\n\nCVE-2008-4106\n\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.\n\nCVE-2008-4769\n\nIt was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.\n\nCVE-2008-4796\n\nIt was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.\n\nCVE-2008-5113\n\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch4.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.\n\n\nWe recommend that you upgrade your wordpress packages.\n\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.diff.gz\n Size/MD5 checksum: 50984 45349b0822fc376b8cfef51b5cec3510\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz\n Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.dsc\n Size/MD5 checksum: 607 d9389cbc71eee6f08b15762a97c9d537\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4_all.deb\n Size/MD5 checksum: 521060 71a6aea482d0e7afb9c82701bef336e9\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.dsc\n Size/MD5 checksum: 1051 46d9daad717f36918e2709757523f6eb\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1.orig.tar.gz\n Size/MD5 checksum: 1181886 b1a40387006e54dcbd963d0cb5da0df4\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.diff.gz\n Size/MD5 checksum: 702119 07658ad36bed8829f58b1b6223eac294\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1_all.deb\n Size/MD5 checksum: 1029028 2d30e38e22761f87e23d2c85120bb1ff\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-08-23T03:41:14", "type": "debian", "title": "[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1502", "CVE-2008-4106", "CVE-2008-4769", "CVE-2008-4796", "CVE-2008-5113", "CVE-2008-6762", "CVE-2008-6767", "CVE-2009-2334", "CVE-2009-2851", "CVE-2009-2853", "CVE-2009-2854"], "modified": "2009-08-23T03:41:14", "id": "DEBIAN:DSA-1871-1:82465", "href": "https://lists.debian.org/debian-security-announce/2009/msg00188.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T00:56:49", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1871-2 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nAugust 27, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\n\nPackage : wordpress \nVulnerability : several vulnerabilities \nProblem type : remote \nDebian-specific: no \nCVE IDs : CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2854\n CVE-2009-2851 CVE-2009-2853 CVE-2008-1502 CVE-2008-4106\n CVE-2008-4769 CVE-2008-4796 CVE-2008-5113 \nDebian Bugs : 531736 536724 504243 500115 504234 504771 \n\n\nThe previous wordpress update introduced a regression when fixing\nCVE-2008-4769 due to a function that was not backported with the patch.\nPlease note that this regression only affects the oldstable distribution\n(etch). For reference the original advisory text follows.\n\n\nSeveral vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems: \n\nCVE-2008-6762\n\nIt was discovered that wordpress is prone to an open redirect \nvulnerability which allows remote attackers to conduct phishing atacks.\n\nCVE-2008-6767\n\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack. \n\nCVE-2009-2334\n\nIt was discovered that wordpress lacks authentication checks in the \nplugin configuration, which might leak sensitive information. \n\nCVE-2009-2854\n\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions. \n\nCVE-2009-2851\n\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack. \n\nCVE-2009-2853\n\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests. \n\nCVE-2008-1502\n\nIt was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting \nattacks. \n\nCVE-2008-4106\n\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user. \n\nCVE-2008-4769\n\nIt was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code. \n\nCVE-2008-4796\n\nIt was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell \nmetacharacters in https URLs. \n\nCVE-2008-5113\n\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform \nattacks via crafted cookies. \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1. \n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch5. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1. \n\n\nWe recommend that you upgrade your wordpress packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch5.dsc\n Size/MD5 checksum: 607 303f4e7e168c04dddd64ae2b7300337e\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz\n Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch5.diff.gz\n Size/MD5 checksum: 51120 9dcee118356aa6950bd4b994b6c11def\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch5_all.deb\n Size/MD5 checksum: 521174 18a19046fd5707ea64745818a5a673f6\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-08-27T01:39:01", "type": "debian", "title": "[SECURITY] [DSA 1871-2] New wordpress packages fix regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1502", "CVE-2008-4106", "CVE-2008-4769", "CVE-2008-4796", "CVE-2008-5113", "CVE-2008-6762", "CVE-2008-6767", "CVE-2009-2334", "CVE-2009-2851", "CVE-2009-2853", "CVE-2009-2854"], "modified": "2009-08-27T01:39:01", "id": "DEBIAN:DSA-1871-2:31819", "href": "https://lists.debian.org/debian-security-announce/2009/msg00193.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:07:55", "description": "\nSeveral vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\n* [CVE-2008-6762](https://security-tracker.debian.org/tracker/CVE-2008-6762)\nIt was discovered that wordpress is prone to an open redirect \nvulnerability which allows remote attackers to conduct phishing atacks.\n* [CVE-2008-6767](https://security-tracker.debian.org/tracker/CVE-2008-6767)\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.\n* [CVE-2009-2334](https://security-tracker.debian.org/tracker/CVE-2009-2334)\nIt was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.\n* [CVE-2009-2854](https://security-tracker.debian.org/tracker/CVE-2009-2854)\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.\n* [CVE-2009-2851](https://security-tracker.debian.org/tracker/CVE-2009-2851)\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack.\n* [CVE-2009-2853](https://security-tracker.debian.org/tracker/CVE-2009-2853)\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests.\n* [CVE-2008-1502](https://security-tracker.debian.org/tracker/CVE-2008-1502)\nIt was discovered that the \\_bad\\_protocol\\_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.\n* [CVE-2008-4106](https://security-tracker.debian.org/tracker/CVE-2008-4106)\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.\n* [CVE-2008-4769](https://security-tracker.debian.org/tracker/CVE-2008-4769)\nIt was discovered that the get\\_category\\_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.\n* [CVE-2008-4796](https://security-tracker.debian.org/tracker/CVE-2008-4796)\nIt was discovered that the \\_httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.\n* [CVE-2008-5113](https://security-tracker.debian.org/tracker/CVE-2008-5113)\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch4.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\n\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.\n\n\nWe recommend that you upgrade your wordpress packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2009-08-23T00:00:00", "type": "osv", "title": "wordpress - regression fix", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4769", "CVE-2009-2851", "CVE-2009-2334", "CVE-2008-6762", "CVE-2008-6767", "CVE-2008-4796", "CVE-2008-4106", "CVE-2009-2853", "CVE-2008-5113", "CVE-2008-1502", "CVE-2009-2854"], "modified": "2022-08-10T07:07:41", "id": "OSV:DSA-1871-2", "href": "https://osv.dev/vulnerability/DSA-1871-2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:07:55", "description": "\nSeveral vulnerabilities have been discovered in wordpress, weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\n* [CVE-2008-6762](https://security-tracker.debian.org/tracker/CVE-2008-6762)\nIt was discovered that wordpress is prone to an open redirect \nvulnerability which allows remote attackers to conduct phishing atacks.\n* [CVE-2008-6767](https://security-tracker.debian.org/tracker/CVE-2008-6767)\nIt was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.\n* [CVE-2009-2334](https://security-tracker.debian.org/tracker/CVE-2009-2334)\nIt was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.\n* [CVE-2009-2854](https://security-tracker.debian.org/tracker/CVE-2009-2854)\nIt was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.\n* [CVE-2009-2851](https://security-tracker.debian.org/tracker/CVE-2009-2851)\nIt was discovered that the administrator interface is prone to a\ncross-site scripting attack.\n* [CVE-2009-2853](https://security-tracker.debian.org/tracker/CVE-2009-2853)\nIt was discovered that remote attackers can gain privileges via certain\ndirect requests.\n* [CVE-2008-1502](https://security-tracker.debian.org/tracker/CVE-2008-1502)\nIt was discovered that the \\_bad\\_protocol\\_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.\n* [CVE-2008-4106](https://security-tracker.debian.org/tracker/CVE-2008-4106)\nIt was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.\n* [CVE-2008-4769](https://security-tracker.debian.org/tracker/CVE-2008-4769)\nIt was discovered that the get\\_category\\_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.\n* [CVE-2008-4796](https://security-tracker.debian.org/tracker/CVE-2008-4796)\nIt was discovered that the \\_httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.\n* [CVE-2008-5113](https://security-tracker.debian.org/tracker/CVE-2008-5113)\nIt was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch4.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.\n\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.\n\n\nWe recommend that you upgrade your wordpress packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2009-08-23T00:00:00", "type": "osv", "title": "wordpress - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4769", "CVE-2009-2851", "CVE-2009-2334", "CVE-2008-6762", "CVE-2008-6767", "CVE-2008-4796", "CVE-2008-4106", "CVE-2009-2853", "CVE-2008-5113", "CVE-2008-1502", "CVE-2009-2854"], "modified": "2022-08-10T07:07:41", "id": "OSV:DSA-1871-1", "href": "https://osv.dev/vulnerability/DSA-1871-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}

FreeBSD Ports: wordpress, de-wordpress

Description

Related