Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackJuan Galiana LaraPATCHSTACK:8D955285641B2606CAA6E8A1193CA966
HistoryMar 10, 2009 - 12:00 a.m.

WordPress MU <= 2.7 - 'HOST' HTTP Header XSS Vulnerability

2009-03-1000:00:00
Juan Galiana Lara
patchstack.com
9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in choose_primary_blog function and can be hacked. Sites running in based virtual hosting setup are not affected while they are not the default virtual host.

Solution

           Upgrade WordPress.
CPENameOperatorVersion
wordpress mule2.7

Related

prion 1
nessus 2
openvas 9
fedora 3
cve 1
securityvulns 1
prion
prion
Cross site scripting
2009-03-20 00:30:00
nessus
nessus
Fedora 10 : wordpress-mu-2.6.5-2.fc10 (2009-3474)
2009-04-23 00:00:00
HP-UX PHKL_40845 : HP-UX running AudFilter rules enabled, Local Denial of Service (DoS) (HPSBUX02514 SSRT100010 rev.1)
2010-04-05 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
WordPress MU Cross-Site Scripting Vulnerability (Apr 2009)
2009-05-11 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-mu-2.6.5-2.fc10
2009-04-09 16:15:18
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.5.2-1.fc10
2009-11-10 17:57:05
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.4a-1.fc10
2009-08-15 08:11:21
cve
cve
CVE-2009-1030
2009-03-20 00:30:00
securityvulns
securityvulns
[security bulletin] HPSBUX02514 SSRT100010 rev.1 - HP-UX running AudFilter rules enabled, Local Denial of Service &#40;DoS&#41;
2010-03-31 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for PATCHSTACK:8D955285641B2606CAA6E8A1193CA966
prion1nessus2openvas9fedora3cve1securityvulns1