CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
99.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2015.0202");
script_cve_id("CVE-2015-3440");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_name("Mageia: Security Advisory (MGASA-2015-0202)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA4");
script_xref(name:"Advisory-ID", value:"MGASA-2015-0202");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2015-0202.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=15786");
script_xref(name:"URL", value:"http://codex.wordpress.org/Version_3.9.5");
script_xref(name:"URL", value:"http://codex.wordpress.org/Version_3.9.6");
script_tag(name:"summary", value:"The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2015-0202 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Updated wordpress packages fixes security vulnerabilities:
The wordpress package has been updated to version 3.9.6, which fixes multiple
cross-site scripting issues, including CVE-2015-3440, and other bugs.
Note that upstream has advised us that WordPress 3.9.x is no longer supported.
As this package is unmaintained, this may be the last update for this package.
Downloading the latest version from upstream and using that, as well as making
use of its aut-update capability, may be preferable to using this package.");
script_tag(name:"affected", value:"'wordpress' package(s) on Mageia 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA4") {
if(!isnull(res = isrpmvuln(pkg:"wordpress", rpm:"wordpress~3.9.6~1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);