Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 247468 (CVE-2008-5113) - www-apps/wordpress<=2.6.3 CSRF (CVE-2008-5113)
Summary: www-apps/wordpress<=2.6.3 CSRF (CVE-2008-5113)
Status: RESOLVED FIXED
Alias: CVE-2008-5113
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: ~3? [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-18 18:46 UTC by Stefan Behte (RETIRED)
Modified: 2008-12-01 17:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-18 18:46:03 UTC 
CVE-2008-5113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5113):
  WordPress 2.6.3 relies on the REQUEST superglobal array in certain
  dangerous situations, which makes it easier for remote attackers to
  conduct delayed and persistent cross-site request forgery (CSRF)
  attacks via crafted cookies, as demonstrated by attacks that (1)
  delete user accounts or (2) cause a denial of service (loss of
  application access).  NOTE: this issue relies on the presence of an
  independent vulnerability that allows cookie injection.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-26 13:00:40 UTC 
2.6.5 is in the tree now.