Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.0
CVE Id CVE-2008-5113
Last Modified 30 Oct 2012 11:06:51
Published 17 Nov 2008 06:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-5113

Summary

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

Vulnerable Systems

Application

  • WordPress 2.6.3


References

DEBIAN - DSA-1871

MLIST - [oss-security] 20081113 CVE request: wordpress can be subject of delayed attacks via cookies

CONFIRM - http://bugs.debian.org/504771

XF - wordpress-request-weak-security(46698)


Last Updated: 27 May 2016 10:49:47