oss-sec mailing list archives
Please reject CVE-2014-8585
From: Henri Salo <henri () nerv fi>
Date: Thu, 27 Nov 2014 02:12:27 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Mitre, Please REJECT CVE-2014-8585, thanks. Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. File file_download.php is not available in any version of WordPress plugin "download-manager" checked SVN and latest 2.7.4 version from https://wordpress.org/plugins/download-manager/ PoC refers to random WordPress installation with plugin named "document_manager", which is indeed vulnerable. I sent abuse emails to few affected targets. Plugin "document_manager" is custom and not available in WP plugin repository. This was noticed during http://www.wpscan.org/ development. If I am correct OSVDB item refers to issue listed in vexatioustendencies.com, which has different attack scenario and payloads. References: - - http://osvdb.org/111215 - - http://secunia.com/advisories/59925/ - - http://packetstormsecurity.com/files/128852/WordPress-Download-Manager-Arbitrary-File-Download.html - - https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/ - --- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlR2bGsACgkQXf6hBi6kbk/6tgCeL3A5Wuw10z9lth01PfcZ73XX MBUAn2RBTmkJAJuwPS/hvaZxg2ycxcVA =upSJ -----END PGP SIGNATURE-----
Current thread:
- Please reject CVE-2014-8585 Henri Salo (Nov 26)