oss-sec mailing list archives

CVE Request: W3 Total Cache - public cache exposure

From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Fri, 28 Dec 2012 09:04:49 +0100

Hi Kurt,

W3 Total Cache: http://wordpress.org/extend/plugins/w3-total-cache/

CVE request for three separate issues:

1. Cache allows directory listing of hash-key listings, exposing hash keys.

2. Hash keys are easily predictable, in the case of (1) not existing.

3. Cached database values are downloadable by their hash keys on the public
internet, exposing sensitive information like password hashes.

Fixing (3) mitigates (1) and (2), so assign this either three CVEs or one
CVE.

Source: http://seclists.org/fulldisclosure/2012/Dec/242

The vendor, copied on this email, currently has not issued a fix.

Thanks,
Jason

Current thread:

CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 28)
- Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 28)
  - Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
    - Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
    - Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 29)