oss-sec mailing list archives
CVE request: wordpress can be subject of delayed attacks via cookies
From: Raphael Geissert <atomo64+debian () gmail com>
Date: Thu, 13 Nov 2008 21:05:17 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Due to the completely incorrect usage of $_REQUEST almost all over the place wordpress is subject to delayed attacks via cookies. The attack can be performed as long as there is some way to inject a cookie which is sent by the browser to the server. More info at http://bugs.debian.org/504771 Could a CVE id be assigned please? Thanks in advance. Kind regards, - -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkc6u0ACgkQYy49rUbZzlrmmQCfZNQ6ZERLCODohN1+TTvUcXvs KHcAn1rGqXuxrvmPU70ULqeR75L3vp1X =pVPw -----END PGP SIGNATURE-----
Current thread:
- CVE request: wordpress can be subject of delayed attacks via cookies Raphael Geissert (Nov 13)
- Re: CVE request: wordpress can be subject of delayed attacks via cookies Steven M. Christey (Nov 20)