Executive Summary
Summary | |
---|---|
Title | wordpress security update |
Information | |||
---|---|---|---|
Name | DSA-3375 | First vendor Publication | 2015-10-19 |
Vendor | Debian | Last vendor Modification | 2015-10-19 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Several vulnerabilities have been fixed in WordPress, the popular blogging engine.

CVE-2015-5714: A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes.

CVE-2015-5715: A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them sticky. The issue has been fixed in the XMLRPC code of WordPress by not allowing private posts to be sticky.

Other issue(s): A cross-site scripting vulnerability in user list tables has been discovered. The issue has been fixed by URL-escaping email addresses in those user lists.

For the oldstable distribution (wheezy), these problems will be fixed in a later update.
For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u5.
For the testing distribution (stretch), these problems have been fixed in version 4.3.1+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in version 4.3.1+dfsg-1.

We recommend that you upgrade your wordpress packages.
Original Source
Url : http://www.debian.org/security/2015/dsa-3375 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-09-17 | IAVM : 2015-A-0219 - Multiple Vulnerabilities in WordPress Severity : Category I - VMSKEY : V0061403 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | wordpress kses bypass cross site scripting attempt RuleID : 37019 - Revision : 3 - Type : SERVER-WEBAPP |
2016-03-14 | wordpress kses bypass cross site scripting attempt RuleID : 37018 - Revision : 3 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-11-29 | Name : A web application running on the remote host is affected by multiple vulnerab... File : puppet_enterprise_421_470.nasl - Type : ACT_GATHER_INFO |
2015-10-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3383.nasl - Type : ACT_GATHER_INFO |
2015-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3375.nasl - Type : ACT_GATHER_INFO |
2015-10-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-321.nasl - Type : ACT_GATHER_INFO |
2015-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2015-15981.nasl - Type : ACT_GATHER_INFO |
2015-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2015-15982.nasl - Type : ACT_GATHER_INFO |
2015-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2015-15983.nasl - Type : ACT_GATHER_INFO |
2015-09-17 | Name : The PHP application running on the remote web server is affected by multiple ... File : wordpress_4_3_1.nasl - Type : ACT_GATHER_INFO |
2015-09-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f4ce64c25bd411e590403c970e169bc2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2017-11-04 09:25:45 | |
2016-05-23 21:36:04 | |
2016-05-22 09:37:48 | |
2015-10-31 13:24:02 | |
2015-10-21 13:24:04 | |
2015-10-20 00:22:54 | |