Test ID:	1.3.6.1.4.1.25623.1.0.64699
Category:	Fedora Local Security Checks
Title:	Fedora Core 10 FEDORA-2009-8538 (wordpress-mu)
Summary:	The remote host is missing an update to wordpress-mu;announced via advisory FEDORA-2009-8538.;Note: This VT has been deprecated and is therefore no longer functional.
Description:	Summary: The remote host is missing an update to wordpress-mu announced via advisory FEDORA-2009-8538. Note: This VT has been deprecated and is therefore no longer functional. Vulnerability Insight: Update Information: Update spans MU-versions for the following security releases: * Backport of XSS fixes from WordPress 2.8.2 * Backport of security fixes for admin.php?page=bugs (CVE-2009-2334) ChangeLog: * Wed Aug 12 2009 Bret McMillan - 2.8.4a-1 - Update to version 2.8.4a for security fixes * Fri Jul 10 2009 Bret McMillan - 2.7-6 - Patch for CVE-2009-2334 - Update to version 2.7 - Alter source prep so I can still use upstream's tarball - favicon.ico removed from manifest Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update wordpress-mu' at the command line. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2334 BugTraq ID: 35584 http://www.securityfocus.com/bid/35584 Bugtraq: 20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information (Google Search) http://www.securityfocus.com/archive/1/504795/100/0/threaded Debian Security Information: DSA-1871 (Google Search) http://www.debian.org/security/2009/dsa-1871 http://www.exploit-db.com/exploits/9110 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked http://www.osvdb.org/55712 http://www.osvdb.org/55715 http://securitytracker.com/id?1022528 http://www.vupen.com/english/advisories/2009/1833 Common Vulnerability Exposure (CVE) ID: CVE-2009-1030 BugTraq ID: 34075 http://www.securityfocus.com/bid/34075 Bugtraq: 20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability (Google Search) http://www.securityfocus.com/archive/1/501667/100/0/threaded https://www.exploit-db.com/exploits/8196 HPdes Security Advisory: HPSBUX02514 http://marc.info/?l=bugtraq&m=126996727024732&w=2 HPdes Security Advisory: SSRT100010 http://www.securitytracker.com/id?1021838 XForce ISS Database: wordpressmu-wpmufunctions-xss(49184) https://exchange.xforce.ibmcloud.com/vulnerabilities/49184 Common Vulnerability Exposure (CVE) ID: CVE-2009-2335 BugTraq ID: 35581 http://www.securityfocus.com/bid/35581 http://www.osvdb.org/55713 Common Vulnerability Exposure (CVE) ID: CVE-2009-2336 http://www.osvdb.org/55714
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.