wordpress: multiple vulnerabilities

Package(s): wordpress
CVE #(s): CVE-2009-2854, CVE-2009-2851, CVE-2009-2853
Created: August 24, 2009
Updated: August 28, 2009
Description:

From the Debian advisory:

CVE-2009-2854: It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions.

CVE-2009-2851: It was discovered that the administrator interface is prone to a cross-site scripting attack.

CVE-2009-2853: It was discovered that remote attackers can gain privileges via certain direct requests.

Alerts:
Debian DSA-1871-2 2009-08-27
Debian DSA-1871-1 2009-08-23

Broken links

Posted Aug 28, 2009 12:10 UTC (Fri) by ajk (subscriber, #6607)

The CVE links in this and several other posts appear to be broken.

(I didn't find any email address where I could have reported this, so doing it publicly.)

Broken links

Posted Aug 28, 2009 13:11 UTC (Fri) by corbet (editor, #1)

1) They are working for me. The Mitre folks recently broke links to www.cve.mitre.org, but we fixed that a couple of days ago so you shouldn't have been seeing it.

2) The LWN.net FAQ, as listed in the upper-right corner of the page, includes contact addresses.

Broken links

Posted Aug 28, 2009 13:19 UTC (Fri) by ajk (subscriber, #6607)

The links on this page are working – noticed that after posting. I noticed the problem on http://lwn.net/Articles/347814/ and (reasonably, I'd think) assumed that both pages are generated from the same data and thus would not differ on this.

As to the FAQ – I did have a look there. Dunno why I missed the addresses.

Broken links

Posted Aug 28, 2009 13:28 UTC (Fri) by corbet (editor, #1)

Ah, OK, that was a caching problem on our end. We should have thought of that; fixed now.

(But done with an obligatory grumble toward the mitre.org folks who broke URLs that have worked for years...)

Broken links

Posted Aug 28, 2009 15:58 UTC (Fri) by ajk (subscriber, #6607)

I'm still seeing the broken links here, even though I've flushed my browser cache, done hard reloads and changed IP addresses (by going home from work) in between.

Broken links

Posted Aug 28, 2009 16:05 UTC (Fri) by corbet (editor, #1)

AAAAARRRRRRGH!

OK, I know what the problem is. Now it's fixed. Really this time. Honest. I wouldn't mislead you on this. Trust me.

Sorry for the confusion.

Broken links

Posted Aug 28, 2009 16:16 UTC (Fri) by ajk (subscriber, #6607)

Confirmed. Thank you :)

Broken links

Posted Aug 28, 2009 13:30 UTC (Fri) by jake (editor, #205)

> I noticed the problem on http://lwn.net/Articles/347814/ and (reasonably,
> I'd think) assumed that both pages are generated from the same data and
> thus would not differ on this.

Hmm, the half-dozen CVE links I tried on the page you reference seemed to work just fine. You are right, they are generated from the same data, so it would be weird if some weren't working. Can you give a specific example?

thanks!

jake

Broken links

Posted Aug 28, 2009 13:32 UTC (Fri) by jake (editor, #205)

Oops! Never mind ... :)

jake

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds