Summary: | <=www-apps/wordpress-2.7.1 Open Redirect, DoS (CVE-2008-{6762,6767}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | dertobi123, jaak, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2009-05-01 19:11:20 UTC
CVE-2008-6767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6767): wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request. FYI 2.8 is in CVS. Not checked if the given CVE's are fixed, though. There is no <www-apps/wordpress-2.9.2 in portage any more. These do not impact current versions. Closing noglsa. |