Debian update for wordpress
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-9066 CVE-2017-16510 CVE-2017-17091 CVE-2017-17092 CVE-2017-17093 CVE-2017-17094 |
| CWE-ID | CWE-352 CWE-89 CWE-330 CWE-284 CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
wordpress (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Cross-site request forgery
EUVDB-ID: #VU6593
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9066
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to redirect users to arbitrary website.
The vulnerability exists due to insufficient validation of user-supplied data before redirecting visitors in the HTTP class. A remote attacker can exploit this vulnerability to interact with the web server using SSRF vector.
Successful exploitation of the vulnerability may allow an attacker to send HTTP requests to 0.0.0.0 on port 80, 443 and 8080.
Example:
http://[host]/wp-admin/press-this.php?u=http://[HOST|IP]Mitigation
Update the affected package to version: 4.1+dfsg-1+deb8u16, 4.7.5+dfsg-2+deb9u2.
Vulnerable software versionswordpress (Debian package): 4.0+dfsg-1 - 4.7.5+dfsg-2+deb9u1~bpo8+1
External linkshttp://www.debian.org/security/2018/dsa-4090
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) SQL injection
EUVDB-ID: #VU9018
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16510
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL commands in application's database.
The vulnerability exists due to an error in $wpdb->prepare() that can lead to SQL injection attacks exploited via third-party software. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary SQL commands in web application database.
Update the affected package to version: 4.1+dfsg-1+deb8u16, 4.7.5+dfsg-2+deb9u2.
Vulnerable software versionswordpress (Debian package): 4.0+dfsg-1 - 4.7.5+dfsg-2+deb9u1~bpo8+1
External linkshttp://www.debian.org/security/2018/dsa-4090
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insufficient randomization
EUVDB-ID: #VU9453
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17091
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists in wp-admin/user-new.php script due to usage of a determinate substring in newbloguser key, which can be directly derived from the user ID. A remote attacker can guess the key and bypass intended access restrictions.
Update the affected package to version: 4.1+dfsg-1+deb8u16, 4.7.5+dfsg-2+deb9u2.
Vulnerable software versionswordpress (Debian package): 4.0+dfsg-1 - 4.7.5+dfsg-2+deb9u1~bpo8+1
External linkshttp://www.debian.org/security/2018/dsa-4090
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU9456
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17092
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to upload JavaScript files.
The vulnerability exists due to incorrectly implemented access restrictions in wp-includes/functions.php script, which allowed uploading of JavaScript files for users without unfiltered_html permissions. A remote authenticated attacker can upload malicious JavaScript file and perform XSS or spoofing attacks against website users.
Update the affected package to version: 4.1+dfsg-1+deb8u16, 4.7.5+dfsg-2+deb9u2.
Vulnerable software versionswordpress (Debian package): 4.0+dfsg-1 - 4.7.5+dfsg-2+deb9u1~bpo8+1
External linkshttp://www.debian.org/security/2018/dsa-4090
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU9454
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17093
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to insufficient sanitization of the language attributes used on html elements in wp-includes/general-template.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in victims browser in context of the vulnerable website.
Update the affected package to version: 4.1+dfsg-1+deb8u16, 4.7.5+dfsg-2+deb9u2.
Vulnerable software versionswordpress (Debian package): 4.0+dfsg-1 - 4.7.5+dfsg-2+deb9u1~bpo8+1
External linkshttp://www.debian.org/security/2018/dsa-4090
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cross-site scripting
EUVDB-ID: #VU9455
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17094
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to insufficient sanitization of the attributes of enclosures in RSS and Atom feeds within wp-includes/feed.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in victims browser in context of the vulnerable website.
Update the affected package to version: 4.1+dfsg-1+deb8u16, 4.7.5+dfsg-2+deb9u2.
Vulnerable software versionswordpress (Debian package): 4.0+dfsg-1 - 4.7.5+dfsg-2+deb9u1~bpo8+1
External linkshttp://www.debian.org/security/2018/dsa-4090
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
