oss-sec mailing list archives
CVE request: WordPress 3.5.1 denial of service vulnerability
From: Henri Salo <henri () nerv fi>
Date: Tue, 11 Jun 2013 16:55:39 +0300
There is a denial of service vulnerability (CWE-400) in WordPress 3.5.1. Could you assign a CVE identifier, thanks.

Advisory URL: https://vndh.net/note:wordpress-351-denial-service
PoC: https://vndh.net/snippet:wordpress-351-denial-service:wordpress-py
Status: Reported to vendor by founder. No reply.
Reproduced: https://github.com/wpscanteam/wpscan/issues/219

Note: "Exploitation of this vulnerability is possible only when there is at least one password protected post on the blog."

I have no idea how many use password protected blog posts and there isn't an easy way to find out. This might also affect multisite installations. There is a patch in the advisory, which I did not verify.

---
Henri Salo
Current thread:
- CVE request: WordPress 3.5.1 denial of service vulnerability Henri Salo (Jun 11)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Andrew Nacin (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Alexander Cherepanov (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Kurt Seifried (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)