NVD

Id
3612  
Name
CVE-2008-3747  
Description
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-08-27  
Modified Date
2009-08-19  
Seq
2008-3747  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
22844 3612 CVE-2008-3747 http://trac.wordpress.org/ticket/7359  View
22845 3612 CVE-2008-3747 [oss-security] 20080819 wordpress 2.6.1  View
22846 3612 CVE-2008-3747 [oss-security] 20080820 Re: wordpress 2.6.1  View
22847 3612 CVE-2008-3747 30750  View
22848 3612 CVE-2008-3747 wordpress-geteditpostlink-info-disclosure(44569)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50849 JVNDB-2008-006159 WordPress の wp-includes/link-template.php における管理アクセス権限を取得される脆弱性 WordPress の wp-includes/link-template.php の (1) get_edit_post_link 関数および (2) get_edit_comment_link 関数は、想定された状況では SSL 通信を強制的に実行しないため、管理アクセス権限を取得される脆弱性が存在します。 CVE-2008-3747 33860 CVE-2008-3747 3612 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006159.html 2008-08-27 2012-12-20 View