oss-sec mailing list archives
RE: WordPress plugins vulnerable to CVE-2013-1808
From: "Christey, Steven M." <coley () mitre org>
Date: Thu, 28 Mar 2013 15:44:09 +0000
Henri, It appears that CVE-2013-1463 was previously assigned to an issue that was claimed to exist in WP-Table Reloaded and fixed by that module developer, but the attack vector involves the id parameter to js/tabletools/zeroclipboard.swf, so this is likely a duplicate. Can you confirm? If this is a duplicate, we have an unusual situation for how to resolve it. The older CVE, CVE-2013-1463, is much more widely used than the newer CVE-2013-1808, which would argue for keeping the older CVE-2013-1463. However, because that older CVE focuses on the wrong product, and CVE-2013-1808 is referenced in Red Hat's Bugzilla and thus "more authoritative," this would argue for keeping CVE-2013-1808. - Steve
Current thread:
- WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 10)
- Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 14)
- Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 26)
- RE: WordPress plugins vulnerable to CVE-2013-1808 Christey, Steven M. (Mar 28)