 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.890860 |
| Kategorie: | Debian Local Security Checks |
| Titel: | Debian LTS: Security Advisory for wordpress (DLA-860-1) |
| Zusammenfassung: | Several vulnerabilities were discovered in wordpress, a web blogging;tool. The Common Vulnerabilities and Exposures project identifies the;following issues.;;CVE-2017-6814;;Cross-Site Scripting (XSS) vulnerability via media file metadata;;CVE-2017-6815;;Control characters can trick redirect URL validation in;wp-includes/pluggable.php;;CVE-2017-6816;;Unintended files can be deleted by administrators using the plugin;deletion functionality |
| Beschreibung: | Summary: Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2017-6814 Cross-Site Scripting (XSS) vulnerability via media file metadata CVE-2017-6815 Control characters can trick redirect URL validation in wp-includes/pluggable.php CVE-2017-6816 Unintended files can be deleted by administrators using the plugin deletion functionality Affected Software/OS: wordpress on Debian Linux Solution: For Debian 7 'Wheezy', these problems have been fixed in version 3.6.1+dfsg-1~ deb7u14. We recommend that you upgrade your wordpress packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-6814 BugTraq ID: 96601 http://www.securityfocus.com/bid/96601 Debian Security Information: DSA-3815 (Google Search) http://www.debian.org/security/2017/dsa-3815 http://openwall.com/lists/oss-security/2017/03/06/8 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7 https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ https://wpvulndb.com/vulnerabilities/8765 http://www.securitytracker.com/id/1037959 Common Vulnerability Exposure (CVE) ID: CVE-2017-6815 BugTraq ID: 96600 http://www.securityfocus.com/bid/96600 https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e https://wpvulndb.com/vulnerabilities/8766 Common Vulnerability Exposure (CVE) ID: CVE-2017-6816 BugTraq ID: 96598 http://www.securityfocus.com/bid/96598 https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 https://wpvulndb.com/vulnerabilities/8767 |
| Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |