Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2702

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2702
Last Modified 07 Mar 2011 09:36:50
Published 31 May 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2702

Summary

vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

Vulnerable Systems

Application

  • Wordpress 2.0.2


References

VUPEN - ADV-2006-1992

BUGTRAQ - 20060525 Wordpress <=2.0.2 'cache' shell injection

SECUNIA - 20271

MISC - http://retrogod.altervista.org/wordpress_202_xpl.html

XF - wordpress-pcremoteaddr-ip-spoofing(26688)

OSVDB - 25935

GENTOO - GLSA-200606-08

SECUNIA - 20608


Last Updated: 27 May 2016 10:42:43