WordPress Pingback sourceURI Denial of Service and Information Disclosure Vulnerability

2007-01-28T00:00:00
ID SSV:1312
Type seebug
Reporter Root
Modified 2007-01-28T00:00:00

Description

WordPress is a web-based blogging application.

The XML-RPC and Pingback components of WordPress contain multiple issues; a remote attacker can exploit them to cause a denial of service or to obtain sensitive information.

WordPress's handling of the Pingback mechanism is flawed: sending a malicious request can cause a denial of service.

In addition, because the sourceURI parameter is not filtered before it is passed to the wp_remote_fopen() function, a non-HTTP resource can be specified, causing information to be read from sources such as local files or an FTP server. Under certain conditions a malicious user can determine whether particular files exist on the system.
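The missing check described above is a URL-scheme allow-list applied before the fetch. The following PHP is an added illustration, not WordPress's own code or its patch; the function name pingback_source_is_allowed() and the sample URIs are assumptions constructed for this example. It shows the kind of validation that should sit in front of a call such as wp_remote_fopen(): only http and https URLs with a host are accepted, so file:// and ftp:// sources never reach the fetch routine and cannot be used as a file-existence oracle.

```php
<?php
// Added example (not WordPress code): allow-list the scheme of a pingback
// sourceURI before it is handed to a fetch routine such as wp_remote_fopen().
// The function name and sample inputs below are assumptions for this illustration.

function pingback_source_is_allowed(string $source_uri): bool
{
    $parts = parse_url($source_uri);
    // parse_url() returns false on badly malformed input. A URI with no
    // scheme or no host is not a web page and must not be fetched.
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    // Only plain web URLs are acceptable. This rejects file://, ftp:// and
    // any other stream wrapper the fetch routine might otherwise open.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Constructed sample inputs, as a pingback.ping handler might receive them,
// mapped to the expected decision.
$samples = [
    'http://example.com/post/1'   => true,
    'HTTPS://example.com/post/1'  => true,   // scheme comparison is case-insensitive
    'file:///etc/hosts'           => false,  // local file: no host, wrong scheme
    'ftp://example.com/pub/file'  => false,  // non-HTTP remote source
    '/wp-content/uploads/x.txt'   => false,  // relative path, no scheme at all
    'not a url'                   => false,
];

foreach ($samples as $uri => $expected) {
    $decision = pingback_source_is_allowed($uri);
    printf("%-32s %s\n", $uri, $decision ? 'fetch' : 'reject');
    if ($decision !== $expected) {
        fwrite(STDERR, "unexpected decision for $uri\n");
        exit(1);
    }
}
```

Run it with `php allowlist.php`; every rejected line corresponds to a sourceURI that, without the check, would have been opened by the fetch routine as whatever resource its scheme names. Logging the rejected values on the server side also gives a simple detection signal for probes of this kind.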

Affected versions:

* WordPress Wordpress (B2) 0.6.2 .1
* WordPress Wordpress (B2) 0.6.2
* WordPress WordPress 2.0.7
* WordPress WordPress 2.0.6
* WordPress WordPress 2.0.5
* WordPress WordPress 2.0.4
* WordPress WordPress 2.0.3
* WordPress WordPress 2.0.2
* WordPress WordPress 2.0.1
* WordPress WordPress 2.0
* WordPress WordPress 1.5.2
* WordPress WordPress 1.5.1 .3
* WordPress WordPress 1.5.1 .2
* WordPress WordPress 1.5.1
* WordPress WordPress 1.5
* WordPress WordPress 1.2.2
* WordPress WordPress 1.2.1 + Gentoo Linux
* WordPress WordPress 1.2 + Gentoo Linux 1.4 + Gentoo Linux
* WordPress WordPress 0.71
* WordPress WordPress 0.7

Vendor solution

Upgrade: for every affected release listed below, the vendor provides the current WordPress release archive.

* WordPress Wordpress (B2) 0.6.2 .1
* WordPress Wordpress (B2) 0.6.2
* WordPress WordPress 0.7
* WordPress WordPress 0.71
* WordPress WordPress 1.2
* WordPress WordPress 1.2.1
* WordPress WordPress 1.2.2
* WordPress WordPress 1.5
* WordPress WordPress 1.5.1 .3
* WordPress WordPress 1.5.1
* WordPress WordPress 1.5.1 .2
* WordPress WordPress 1.5.2
* WordPress WordPress 2.0
* WordPress WordPress 2.0.1
* WordPress WordPress 2.0.2
* WordPress WordPress 2.0.3
* WordPress WordPress 2.0.4
* WordPress WordPress 2.0.5
* WordPress WordPress 2.0.6
* WordPress WordPress 2.0.7

* WordPress latest.tar.gz
  http://wordpress.org/latest.tar.gz