Gentoo Logo

WordPress: HTTP response splitting and XSS vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200410-12 / wordpress
Release Date October 14, 2004
Latest Revision May 22, 2006: 04
Impact low
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
www-apps/wordpress < 1.2.2 >= 1.2.2 All supported architectures

Related bugreports: #65798


WordPress contains HTTP response splitting and cross-site scripting vulnerabilities.

2.  Impact Information


WordPress is a PHP and MySQL based content management and publishing system.


Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks.


A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.

3.  Resolution Information


There is no known workaround at this time.


All WordPress users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.2.2"

4.  References


Page updated October 14, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.