Lucene search

HistoryOct 20, 2015 - 12:00 a.m.

Debian DSA-3375-1 : wordpress - security update

2015-10-2000:00:00

www.tenable.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.126 Low

EPSS

Percentile

95.5%

JSON

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine.

CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered.

The issue has been fixed by not allowing unclosed HTML elements in attributes.

CVE-2015-5715 A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them sticky.

The issue has been fixed in the XMLRPC code of Wordpress by not allowing private posts to be sticky.

CVE-2015-7989 A cross-site scripting vulnerability in user list tables has been discovered.

The issue has been fixed by URL-escaping email addresses in those user lists.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3375. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(86448);
  script_version("2.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-5714", "CVE-2015-5715", "CVE-2015-7989");
  script_xref(name:"DSA", value:"3375");

  script_name(english:"Debian DSA-3375-1 : wordpress - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been fixed in Wordpress, the popular
blogging engine.

  - CVE-2015-5714
    A cross-site scripting vulnerability when processing
    shortcode tags has been discovered.

  The issue has been fixed by not allowing unclosed HTML elements in
  attributes.

  - CVE-2015-5715
    A vulnerability has been discovered, allowing users
    without proper permissions to publish private posts and
    make them sticky.

  The issue has been fixed in the XMLRPC code of Wordpress by not
  allowing private posts to be sticky.

  - CVE-2015-7989
    A cross-site scripting vulnerability in user list tables
    has been discovered.

  The issue has been fixed by URL-escaping email addresses in those
  user lists."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-7989"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/wordpress"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3375"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the wordpress packages.

For the oldstable distribution (wheezy), these problems will be fixed
in later update.

For the stable distribution (jessie), these problems have been fixed
in version 4.1+dfsg-1+deb8u5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"wordpress", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-l10n", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-theme-twentyfifteen", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-theme-twentyfourteen", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-theme-twentythirteen", reference:"4.1+dfsg-1+deb8u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxwordpressp-cpe:/a:debian:debian_linux:wordpress
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Vendor	Product	Version	CPE
debian	debian_linux	wordpress	p-cpe:/a:debian:debian_linux:wordpress
debian	debian_linux	8.0	cpe:/o:debian:debian_linux:8.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989

bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140

packages.debian.org/source/jessie/wordpress

security-tracker.debian.org/tracker/CVE-2015-5714

security-tracker.debian.org/tracker/CVE-2015-5715

security-tracker.debian.org/tracker/CVE-2015-7989

www.debian.org/security/2015/dsa-3375

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.126 Low

EPSS

Percentile

95.5%

JSON

Related for DEBIAN_DSA-3375.NASL