Test ID: | 1.3.6.1.4.1.25623.1.1.10.2013.0198 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2013-0198) |
Summary: | The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2013-0198 advisory. |
Description: |

Summary: The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2013-0198 advisory.

Vulnerability Insight:

A denial of service flaw was found in the way WordPress, a blog tool and publishing platform, performed hash computation when checking the password for password-protected blog posts. A remote attacker could provide a specially-crafted input that, when processed by the password checking mechanism of WordPress, would lead to excessive CPU consumption (CVE-2013-2173).

Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).

Inadequate checking of a user's capabilities could allow them to publish posts when their user role should not allow for it, and to assign posts to other authors (CVE-2013-2200).

Inadequate escaping allowed an administrator to trigger a cross-site scripting vulnerability through the uploading of media files and plugins (CVE-2013-2201).

The processing of an oEmbed response is vulnerable to an XXE (CVE-2013-2202).

If the uploads directory is not writable, error message data returned via XHR will include a full path to the directory (CVE-2013-2203).

Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project (CVE-2013-2204).

Cross-domain XSS in SWFUpload (CVE-2013-2205).

Affected Software/OS: 'wordpress' package(s) on Mageia 2, Mageia 3.

Solution: Please install the updated package(s).

CVSS Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2013-2173
Bugtraq: 20130613 Re: WordPress 3.5.1, Denial of Service
http://archives.neohapsis.com/archives/bugtraq/2013-06/0052.html
Debian Security Information: DSA-2718
http://www.debian.org/security/2013/dsa-2718
https://github.com/wpscanteam/wpscan/issues/219
https://vndh.net/note:wordpress-351-denial-service
http://openwall.com/lists/oss-security/2013/06/12/2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2199
Common Vulnerability Exposure (CVE) ID: CVE-2013-2200
Common Vulnerability Exposure (CVE) ID: CVE-2013-2201
Common Vulnerability Exposure (CVE) ID: CVE-2013-2202
Common Vulnerability Exposure (CVE) ID: CVE-2013-2203
Common Vulnerability Exposure (CVE) ID: CVE-2013-2204
Common Vulnerability Exposure (CVE) ID: CVE-2013-2205
BugTraq ID: 60759
http://www.securityfocus.com/bid/60759
Copyright | Copyright (C) 2022 Greenbone AG |