
Bug 247468 (CVE-2008-5113)

Summary: www-apps/wordpress<=2.6.3 CSRF (CVE-2008-5113)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5113
Whiteboard: ~3? [noglsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-18 18:46:03 UTC
CVE-2008-5113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5113):
  WordPress 2.6.3 relies on the REQUEST superglobal array in certain
  dangerous situations, which makes it easier for remote attackers to
  conduct delayed and persistent cross-site request forgery (CSRF)
  attacks via crafted cookies, as demonstrated by attacks that (1)
  delete user accounts or (2) cause a denial of service (loss of
  application access).  NOTE: this issue relies on the presence of an
  independent vulnerability that allows cookie injection.
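The CVE text above turns on one PHP detail: `$_REQUEST` is a merge of GET, POST and, under the default `variables_order = "EGPCS"` when `request_order` is unset, COOKIE data, so a stored cookie with the same name as a form field can stand in for that field on every later request the browser makes. The following is an added illustration written for this bug entry, not WordPress code and not the reporter's; the handler and field names (`delete_user_weak`, `delete_user_hardened`, `action`, `user_id`, `csrf_token`) are hypothetical, and it assumes PHP 7 or later for `??`, `random_bytes()` and `hash_equals()`.

```php
<?php
// Added illustration (not WordPress code): the weak pattern the CVE describes,
// a state-changing action driven by $_REQUEST, beside a hardened equivalent.
// Handler and field names are hypothetical.

// Weak pattern: action and target are read from $_REQUEST, so a value that
// arrived as a cookie is honoured exactly like one submitted in a form, and
// it keeps being honoured on every subsequent request (the "delayed and
// persistent" CSRF in the CVE text).
function delete_user_weak(array $request): string
{
    if (($request['action'] ?? '') === 'delete' && isset($request['user_id'])) {
        return 'would delete user ' . (int) $request['user_id'];
    }
    return 'no-op';
}

// Hardened pattern: read only the POST body (cookies never appear in $_POST)
// and require a per-session anti-CSRF token, the role WordPress nonces play,
// compared in constant time. A stored cookie cannot supply a valid token.
function delete_user_hardened(array $post, array $session): string
{
    if (($post['action'] ?? '') !== 'delete' || !isset($post['user_id'])) {
        return 'no-op';
    }
    if (!isset($post['csrf_token'], $session['csrf_token'])
        || !hash_equals($session['csrf_token'], $post['csrf_token'])) {
        return 'rejected: missing or invalid CSRF token';
    }
    return 'would delete user ' . (int) $post['user_id'];
}

// Constructed sample inputs standing in for the superglobals. $cookie_only
// models what $_REQUEST contains when the parameters came from cookies alone.
$cookie_only = ['action' => 'delete', 'user_id' => '7'];
$empty_post  = [];
$session     = ['csrf_token' => bin2hex(random_bytes(16))];
$good_post   = ['action' => 'delete', 'user_id' => '7',
                'csrf_token' => $session['csrf_token']];

echo delete_user_weak($cookie_only), "\n";               // cookie data alone is enough
echo delete_user_hardened($empty_post, $session), "\n";  // nothing in the POST body
echo delete_user_hardened($good_post, $session), "\n";   // genuine form submission
```

Two mitigations follow from this: application code should read state-changing parameters from `$_POST` and tie the action to a session-bound token, and, on PHP 5.3 and later, `request_order = "GP"` in php.ini keeps cookie data out of `$_REQUEST` for code that still uses it. Neither substitutes for fixing the cookie-injection flaw the CVE note says this issue depends on.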
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-26 13:00:40 UTC
2.6.5 is in the tree now.