Mageia: Security Advisory (MGASA-2015-0202)

2022-01-2800:00:00

plugins.openvas.org

mageia

security advisory

'wordpress'

cross-site scripting

cve-2015-3440

update

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.934

Percentile

99.1%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2015.0202");
  script_cve_id("CVE-2015-3440");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_name("Mageia: Security Advisory (MGASA-2015-0202)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA4");

  script_xref(name:"Advisory-ID", value:"MGASA-2015-0202");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2015-0202.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=15786");
  script_xref(name:"URL", value:"http://codex.wordpress.org/Version_3.9.5");
  script_xref(name:"URL", value:"http://codex.wordpress.org/Version_3.9.6");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2015-0202 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Updated wordpress packages fixes security vulnerabilities:

The wordpress package has been updated to version 3.9.6, which fixes multiple
cross-site scripting issues, including CVE-2015-3440, and other bugs.

Note that upstream has advised us that WordPress 3.9.x is no longer supported.
As this package is unmaintained, this may be the last update for this package.
Downloading the latest version from upstream and using that, as well as making
use of its aut-update capability, may be preferable to using this package.");

  script_tag(name:"affected", value:"'wordpress' package(s) on Mageia 4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA4") {

  if(!isnull(res = isrpmvuln(pkg:"wordpress", rpm:"wordpress~3.9.6~1.mga4", rls:"MAGEIA4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);