[Git][security-tracker-team/security-tracker][master] CVE-2017-1000600 and CVE-2018-1000773 are for the same underlying problem in wordpress.
Ola Lundqvist
opal at debian.org
Sun Jun 9 23:16:59 BST 2019
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
94190ded by Ola Lundqvist at 2019-06-09T22:16:22Z
CVE-2017-1000600 and CVE-2018-1000773 are for the same underlying problem in wordpress.
It is clear that there are a number of pre-conditions that must be in place for this
to be exploitable. From wordpress 4.9 and later a third-party module must be installed on the site.
The problem is there, so it should not be declared as undetermined.
If the severity of the problem is not enough to warrant fixing, then it should be declared as
postponed, ignored or similar instead.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41727,7 +41727,8 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
NOT-FOR-US: zephyr-rtos
CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
- - wordpress <undetermined>
+ - wordpress 4.1+dfsg-1+deb8u17
+ NOTE: See CVE-2017-1000600. That CVE is not completely fixed in wordpress 4.9.
CVE-2018-1000673
REJECTED
CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...)
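Review bot: the added NOTE for CVE-2018-1000773 ("That CVE is not completely fixed in wordpress 4.9") reads as if 4.9 itself is still vulnerable, while the CVE text on the line above says 4.9.8 and earlier are affected and the commit message says 4.9 and later need a third-party module to be exploitable; consider rewording the note to state the pre-condition explicitly, e.g. "NOTE: Upstream 4.9 addressed CVE-2017-1000600 only for core; with a vulnerable third-party module installed the issue remains", so that a reader of data/CVE/list gets the same picture as the commit message. The new fixed version 4.1+dfsg-1+deb8u17 also stands without a reference to the advisory or changelog that introduced it; adding that as a NOTE would make the change from <undetermined> auditable.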
@@ -41763,11 +41764,16 @@ CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory tra
CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload vulnerabilit ...)
- limesurvey <itp> (bug #472802)
CVE-2017-1000600 (WordPress version <4.9 contains a CWE-20 Input Validation vulnerabi ...)
- - wordpress <undetermined>
+ - wordpress 4.1+dfsg-1+deb8u17
NOTE: https://www.securityfocus.com/bid/105305/references
NOTE: https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
NOTE: https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
+ NOTE: https://www.youtube.com/watch?v=GePBmsNJw6Y&feature=youtu.be&t=1763
NOTE: https://twitter.com/_s_n_t/status/1030573635617124353
+ NOTE: Wordpress before 4.9 is vulnerable on its own. After 4.9 you need to have
+ NOTE: vulnerable module installed on the site as well. This may affect the severity
+ NOTE: and importance of fixing but it should not be considered as undetermined.
+ NOTE: For wordpress 4.9 and later CVE-2018-1000773 has been issued.
CVE-2018-16553
RESERVED
CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/ ...)
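Review bot: the replacement line "- wordpress 4.1+dfsg-1+deb8u17" carries a deb8u suffix, i.e. a jessie stable-update version, but it sits on the bare package line rather than a suite-qualified one; please confirm this is the intended form and that the status for the other suites is not left implicit by removing <undetermined>. In the new NOTE block, the first sentence ("Wordpress before 4.9 is vulnerable on its own") agrees with the CVE description (<4.9), but the second ("you need to have vulnerable module installed") should read "a vulnerable module", and the last NOTE could name what the split means for this entry (4.9 and later tracked as CVE-2018-1000773) so the two entries cross-reference each other the same way. Minor: the added YouTube URL still carries the "&feature=youtu.be" tracking parameter, which can be dropped while keeping "&t=1763".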
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/94190ded68b383d8244977a1a6e2b2314e21c119