
WordPress: HTTP response splitting and XSS vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200410-12 / wordpress
Release Date: October 14, 2004
Latest Revision: May 22, 2006: 04
Impact: low
Exploitable: remote

Package: www-apps/wordpress
Vulnerable versions: < 1.2.2
Unaffected versions: >= 1.2.2
Architecture(s): All supported architectures

Related bugreports: #65798

Synopsis

WordPress contains HTTP response splitting and cross-site scripting vulnerabilities.

2.  Impact Information

Background

WordPress is a PHP and MySQL based content management and publishing system.

Description

Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks.

Impact

A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.
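
An added example (not part of the advisory or of WordPress): a log check that flags requests to the administration panel whose query string decodes to a CR/LF (response splitting) or to script markup (XSS). The /wp-admin/ prefix, the script name example.php, the parameter names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: admin panel scripts live under /wp-admin/ (adjust to the install).
ADMIN_PREFIX = "/wp-admin/"
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
CRLF_RE = re.compile(r"[\r\n]")
MARKUP_RE = re.compile(r"<\s*script|<[^>]+\son\w+\s*=|javascript:", re.I)

# Constructed sample lines; example.php and the parameter names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2004:10:00:01 +0000] "GET /wp-admin/example.php?text=hello HTTP/1.1" 200 512',
    '192.0.2.11 - - [14/Oct/2004:10:00:05 +0000] "GET /wp-admin/example.php?redirect=a%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [14/Oct/2004:10:00:09 +0000] "GET /wp-admin/example.php?msg=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.13 - - [14/Oct/2004:10:00:12 +0000] "GET /index.php?p=%250d%250a HTTP/1.1" 200 900',
    '192.0.2.14 - - [14/Oct/2004:10:00:15 +0000] "GET /wp-admin/example.php?redirect=a%250d%250aX-Injected:%25201 HTTP/1.1" 302 0',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if not parts.path.startswith(ADMIN_PREFIX):
        return []  # only the administration panel is in scope here
    query = fully_decode(parts.query)
    findings = []
    if CRLF_RE.search(query):
        findings.append("response-splitting")
    if MARKUP_RE.search(query):
        findings.append("xss")
    return findings

def scan(lines):
    """Return (1-based line number, findings) for every flagged line."""
    return [(n, f) for n, f in ((i, classify(l)) for i, l in enumerate(lines, 1)) if f]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Hits from this check indicate probing, not successful exploitation; upgrading to 1.2.2 or later remains the fix.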

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All WordPress users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.2.2"

4.  References




Page updated October 14, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Copyright 2001-2014 Gentoo Foundation, Inc.