6.1

CVE-2017-6815

WordPress Core < 4.7.3 - Bypass URL Validation

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.19, 3.8.19, 3.9.17, 4.0.16, 4.1.16, 4.2.13, 4.3.9, 4.4.8, 4.5.7, 4.6.4, 4.7.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 4.7.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.7)
Version 3.7-3.7.18
Version 3.8-3.8.18
Version 3.9-3.9.16
Version 4.0-4.0.15
Version 4.1-4.1.15
Version 4.2-4.2.12
Version 4.3-4.3.8
Version 4.4-4.4.7
Version 4.5-4.5.6
Version 4.6-4.6.3
Version 4.7-4.7.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3% 0.856
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2017/dsa-3815
Third Party Advisory
http://www.securitytracker.com/id/1037959
Third Party Advisory
VDB Entry
https://codex.wordpress.org/Version_4.7.3
Patch
Vendor Advisory
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Patch
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/96600
Third Party Advisory
VDB Entry
https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
Patch
Third Party Advisory
Issue Tracking
https://wpvulndb.com/vulnerabilities/8766
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/0ed8ee65-d910-42a4-b6de-3229346dc59e
Third Party Advisory