Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1980-1:C7914
HistoryNov 05, 2019 - 4:38 p.m.

[SECURITY] [DLA 1980-1] wordpress security update

2019-11-0516:38:37
lists.debian.org
93

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

Low

EPSS

0.015

Percentile

87.4%

JSON

Package : wordpress
Version : 4.1.28+dfsg-0+deb8u1
CVE ID : CVE-2019-17669 CVE-2019-17670 CVE-2019-17671
CVE-2019-17675
Debian Bug : 942459

Several vulnerabilities in wordpress, a web blogging tool, have been
fixed.

CVE-2019-17669

Server Side Request Forgery (SSRF) vulnerability because URL
validation does not consider the interpretation of a name as a
series of hex characters.

CVE-2019-17670

Server Side Request Forgery (SSRF) vulnerability was reported in
wp_validate_redirect(). Normalize the path when validating the
location for relative URLs.

CVE-2019-17671

Unauthenticated viewing of certain content (private or draft posts)
is possible because the static query property is mishandled.

CVE-2019-17675

Wordpress does not properly consider type confusion during
validation of the referer in the admin pages. This vulnerability
affects the check_admin_referer() WordPress function.

For Debian 8 "Jessie", these problems have been fixed in version
4.1.28+dfsg-0+deb8u1.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10allwordpress< 5.0.4+dfsg1-1+deb10u1wordpress_5.0.4+dfsg1-1+deb10u1_all.deb
Debian8allwordpress-theme-twentyfifteen< 4.1.28+dfsg-0+deb8u1wordpress-theme-twentyfifteen_4.1.28+dfsg-0+deb8u1_all.deb
Debian10allwordpress-l10n< 5.0.4+dfsg1-1+deb10u1wordpress-l10n_5.0.4+dfsg1-1+deb10u1_all.deb
Debian10allwordpress-theme-twentysixteen< 5.0.4+dfsg1-1+deb10u1wordpress-theme-twentysixteen_5.0.4+dfsg1-1+deb10u1_all.deb
Debian10allwordpress-theme-twentyseventeen< 5.0.4+dfsg1-1+deb10u1wordpress-theme-twentyseventeen_5.0.4+dfsg1-1+deb10u1_all.deb
Debian9allwordpress-l10n< 4.7.5+dfsg-2+deb9u6wordpress-l10n_4.7.5+dfsg-2+deb9u6_all.deb
Debian9allwordpress-theme-twentyfifteen< 4.7.5+dfsg-2+deb9u6wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u6_all.deb
Debian8allwordpress-theme-twentythirteen< 4.1.28+dfsg-0+deb8u1wordpress-theme-twentythirteen_4.1.28+dfsg-0+deb8u1_all.deb
Debian8allwordpress-theme-twentyfourteen< 4.1.28+dfsg-0+deb8u1wordpress-theme-twentyfourteen_4.1.28+dfsg-0+deb8u1_all.deb
Debian9allwordpress-theme-twentysixteen< 4.7.5+dfsg-2+deb9u6wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u6_all.deb
Rows per page:
1-10 of 151

Related

osv 8
openvas 6
nessus 6
wpvulndb 3
hackerone 1
nvd 4
prion 4
debian 6
veracode 4
cve 4
ubuntucve 4
debiancve 4
cvelist 4
zdt 1
wpexploit 1
githubexploit 1
exploitdb 1
osv
osv
wordpress - security update
2019-11-05 00:00:00
CVE-2019-17670
2019-10-17 13:15:10
CVE-2019-17671
2019-10-17 13:15:10
openvas
openvas
Debian: Security Advisory (DLA-1980-1)
2019-11-06 00:00:00
WordPress Multiple Vulnerabilities (Oct 2019) - Windows
2019-10-25 00:00:00
WordPress Multiple Vulnerabilities (Oct 2019) - Linux
2019-10-25 00:00:00
nessus
nessus
Debian DLA-1980-1 : wordpress security update
2019-11-06 00:00:00
WordPress < 5.2.4 Multiple Vulnerabilities
2019-10-15 00:00:00
Debian DLA-3141-1 : wordpress - LTS security update
2022-10-11 00:00:00
wpvulndb
wpvulndb
WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
2019-10-14 00:00:00
WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 00:00:00
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
2019-10-14 00:00:00
hackerone
hackerone
Nord Security: Version problem in wordpress leads to the many vulnearability
2019-12-05 10:21:54
nvd
nvd
CVE-2019-17671
2019-10-17 13:15:10
CVE-2019-17675
2019-10-17 13:15:11
CVE-2019-17669
2019-10-17 13:15:10
prion
prion
Server side request forgery (ssrf)
2019-10-17 13:15:00
Type confusion
2019-10-17 13:15:00
Design/Logic Flaw
2019-10-17 13:15:00
debian
debian
[SECURITY] [DLA 3141-1] wordpress security update
2022-10-10 13:57:31
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-10-18 07:13:34
Unauthenticated Access To Restricted Resources
2019-10-18 08:25:47
Server-Side Request Forgery (SSRF)
2019-10-18 08:16:40
cve
cve
CVE-2019-17675
2019-10-17 13:15:11
CVE-2019-17670
2019-10-17 13:15:10
CVE-2019-17671
2019-10-17 13:15:10
ubuntucve
ubuntucve
CVE-2019-17670
2019-10-17 00:00:00
CVE-2019-17675
2019-10-17 00:00:00
CVE-2019-17671
2019-10-17 00:00:00
debiancve
debiancve
CVE-2019-17670
2019-10-17 13:15:10
CVE-2019-17671
2019-10-17 13:15:10
CVE-2019-17675
2019-10-17 13:15:11
cvelist
cvelist
CVE-2019-17670
2019-10-17 00:00:00
CVE-2019-17675
2019-10-17 12:03:29
CVE-2019-17671
2019-10-17 12:04:04
zdt
zdt
WordPress Core 5.2.3 - Viewing Unauthenticated/Password/Private Posts Vulnerability
2019-11-20 00:00:00
wpexploit
wpexploit
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
2019-10-14 00:00:00
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Wordpress
2020-04-03 08:29:07
exploitdb
exploitdb
WordPress Core &lt; 5.2.3 - Viewing Unauthenticated/Password/Private Posts
2019-10-14 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

Low

EPSS

0.015

Percentile

87.4%

JSON
Related for DEBIAN:DLA-1980-1:C7914
osv8openvas6nessus6wpvulndb3hackerone1nvd4prion4debian6veracode4cve4ubuntucve4debiancve4cvelist4zdt1wpexploit1githubexploit1exploitdb1