Executive Summary

This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration list.
Summary

Title: wordpress security update

Information

Name: DSA-3085
Vendor: Debian
First vendor publication: 2014-12-03
Last vendor modification: 2014-12-03
Severity (vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
CVSS impact score: 6.4
CVSS exploit score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None Required

Detail

Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/

CVE-2014-9031

Jouko Pynnonen discovered an unauthenticated cross site scripting vulnerability (XSS) in wptexturize(), exploitable via comments or posts.

CVE-2014-9033

Cross site request forgery (CSRF) vulnerability in the password changing process, which could be used by an attacker to trick a user into changing her password.

CVE-2014-9034

Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential denial of service in the way the phpass library is used to handle passwords, since no maximum password length was set.

CVE-2014-9035

John Blackbourn reported an XSS in the "Press This" function (used for quick publishing using a browser "bookmarklet").

CVE-2014-9036

Robert Chapin reported an XSS in the HTML filtering of CSS in posts.

CVE-2014-9037

David Anderson reported a hash comparison vulnerability for passwords stored using the old-style MD5 scheme. While unlikely, this could be exploited to compromise an account, if the user had not logged in after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and the password MD5 hash could be collided with due to PHP dynamic comparison.

CVE-2014-9038

Ben Bidner reported a server side request forgery (SSRF) in the core HTTP layer which insufficiently blocked the loopback IP address space.

CVE-2014-9039

Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a vulnerability in the password reset process: an email address change would not invalidate a previous password reset email.
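
The PHP dynamic comparison behind CVE-2014-9037, shown as an added example (not WordPress or Debian code): a loose `==` check on hash strings beside `hash_equals()`, plus a small audit helper. The hash strings and all function names here are constructed for illustration.

```php
<?php
// Added illustration; not WordPress code. Requires PHP 7.0+.
// Both strings are constructed for this example (32 hex characters, the
// shape of an MD5 digest); neither is presented as the digest of a password.
$stored   = '0e' . str_repeat('1', 30); // legacy hash in the user table
$computed = '0e' . str_repeat('2', 30); // hash of a different, wrong password

// Weak form: with ==, two numeric strings are compared as numbers.
// "0e<digits>" parses as 0 x 10^n, so both sides become float 0.0
// and two different strings are reported as equal.
function matches_loose(string $stored, string $computed): bool
{
    return $stored == $computed;
}

// Hardened form: hash_equals() (PHP 5.6+) compares the bytes, never
// converts to a number, and is timing-safe.
function matches_safe(string $stored, string $computed): bool
{
    return hash_equals($stored, $computed);
}

// Audit helper (hypothetical): select stored hashes that PHP treats as
// numeric strings, i.e. the rows where a loose comparison can go wrong.
function numeric_looking(array $hashes): array
{
    return array_values(array_filter($hashes, 'is_numeric'));
}

$rows = [
    $stored,
    str_repeat('ab', 16), // constructed non-numeric sample
];

printf("loose ==      : %s\n", var_export(matches_loose($stored, $computed), true));
printf("hash_equals() : %s\n", var_export(matches_safe($stored, $computed), true));
printf("numeric-looking stored hashes: %d of %d\n",
    count(numeric_looking($rows)), count($rows));
```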

For the stable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u5.

For the upcoming stable distribution (jessie), these problems have been fixed in version 4.0.1+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 4.0.1+dfsg-1.

We recommend that you upgrade your wordpress packages.

Original Source

Url : http://www.debian.org/security/2014/dsa-3085

CWE : Common Weakness Enumeration

% Id Name
38 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
12 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
12 % CWE-310 Cryptographic Issues
12 % CWE-254 Security Features
12 % CWE-20 Improper Input Validation
12 % CWE-19 Data Handling

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:28034
Title: DSA-3085-1 -- wordpress security update
Description: Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/
Family: unix
Class: patch
Reference(s): DSA-3085-1, CVE-2014-9031, CVE-2014-9033, CVE-2014-9034, CVE-2014-9035, CVE-2014-9036, CVE-2014-9037, CVE-2014-9038, CVE-2014-9039
Version: 3
Platform(s): Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
Product(s): wordpress

CPE : Common Platform Enumeration

Type Description Count
Application 308
Os 2
Os 2

ExploitDB Exploits

id Description
2014-12-01 WordPress <=4.0 Denial of Service Exploit

Snort® IPS/IDS

Date Description
2015-05-27 WordPress overly large password class-phpass.php denial of service attempt
RuleID : 34213 - Revision : 3 - Type : SERVER-WEBAPP
2015-04-28 WordPress arbitrary web script injection attempt
RuleID : 33922 - Revision : 2 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2015-06-02 Name : The remote Debian host is missing a security update.
File : debian_DLA-236.nasl - Type : ACT_GATHER_INFO
2015-01-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5e1351788aeb11e4801f0022156e8794.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15560.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3085.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15507.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15526.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2014-233.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote web server contains a PHP application that is affected by multiple...
File : wordpress_4_0_1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-12-05 13:27:07
  • Multiple Updates
2014-12-03 13:26:08
  • First insertion