CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
87.4%
Package : wordpress
Version : 4.1.28+dfsg-0+deb8u1
CVE ID : CVE-2019-17669 CVE-2019-17670 CVE-2019-17671
CVE-2019-17675
Debian Bug : 942459
Several vulnerabilities in wordpress, a web blogging tool, have been
fixed.
CVE-2019-17669
Server Side Request Forgery (SSRF) vulnerability because URL
validation does not consider the interpretation of a name as a
series of hex characters.
CVE-2019-17670
Server Side Request Forgery (SSRF) vulnerability was reported in
wp_validate_redirect(). Normalize the path when validating the
location for relative URLs.
CVE-2019-17671
Unauthenticated viewing of certain content (private or draft posts)
is possible because the static query property is mishandled.
CVE-2019-17675
Wordpress does not properly consider type confusion during
validation of the referer in the admin pages. This vulnerability
affects the check_admin_referer() WordPress function.
For Debian 8 "Jessie", these problems have been fixed in version
4.1.28+dfsg-0+deb8u1.
We recommend that you upgrade your wordpress packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
87.4%