Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0254
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0254)
Zusammenfassung:	The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0254 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0254 advisory. Vulnerability Insight: Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165). The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie (CVE-2014-0166). The wordpress package has been updated to version 3.9.1, fixing these and other issues. Affected Software/OS: 'wordpress' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0165 Debian Security Information: DSA-2901 (Google Search) http://www.debian.org/security/2014/dsa-2901 Common Vulnerability Exposure (CVE) ID: CVE-2014-0166
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.