Bug 268145 (CVE-2008-6762) - <=www-apps/wordpress-2.7.1 Open Redirect, DoS (CVE-2008-{6762,6767})
Status: RESOLVED FIXED
Alias: CVE-2008-6762
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Reported: 2009-05-01 19:11 UTC by Alex Legler (RETIRED)
Modified: 2012-01-04 22:20 UTC
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-01 19:11:20 UTC
CVE-2008-6762 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6762):
  Open redirect vulnerability in wp-admin/upgrade.php in WordPress,
  probably 2.6.x, allows remote attackers to redirect users to
  arbitrary web sites and conduct phishing attacks via a URL in the
  backto parameter.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-01 20:34:47 UTC
CVE-2008-6767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6767):
  wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote
  attackers to upgrade the application, and possibly cause a denial of
  service (application outage), via a direct request.
Comment 2 Tobias Scherbaum (RETIRED) gentoo-dev 2009-06-13 10:57:22 UTC
FYI 2.8 is in CVS. Not checked if the given CVEs are fixed, though.
Comment 3 Jaak Ristioja 2010-07-23 09:00:07 UTC
There is no <www-apps/wordpress-2.9.2 in portage any more.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2012-01-04 22:20:34 UTC
These do not impact current versions. Closing noglsa.