CVE

Id
35230  
CVE No.
CVE-2008-5113  
Status
Candidate  
Description
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.  
Phase
Assigned (20081117)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
386234 35230 CVE-2008-5113 MLIST:[oss-security] 20081113 CVE request: wordpress can be subject of delayed attacks via cookies  View
386235 35230 CVE-2008-5113 URL:http://openwall.com/lists/oss-security/2008/11/14/1  View
386236 35230 CVE-2008-5113 CONFIRM:http://bugs.debian.org/504771  View
386237 35230 CVE-2008-5113 DEBIAN:DSA-1871  View
386238 35230 CVE-2008-5113 URL:http://www.debian.org/security/2009/dsa-1871  View
386239 35230 CVE-2008-5113 XF:wordpress-request-weak-security(46698)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
47070 JVNDB-2008-002380 Sun Java System Identity Manager におけるオープンリダイレクトの脆弱性 Sun Java System Identity Manager には、オープンリダイレクトの脆弱性が存在します。 CVE-2008-5117 35230 6.4 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002380.html  View