Giuseppe Iuculano
2009-Jul-15 13:50 UTC
[Secure-testing-team] Bug#537146: CVE-2009-2431, CVE-2009-2432
Package: wordpress
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wordpress.

CVE-2009-2431[0]:
| WordPress 2.7.1 places the username of a post's author in an HTML
| comment, which allows remote attackers to obtain sensitive information
| by reading the HTML source.

CVE-2009-2432[1]:
| WordPress and WordPress MU before 2.8.1 allow remote attackers to
| obtain sensitive information via a direct request to wp-settings.php,
| which reveals the installation path in an error message.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2431
    http://security-tracker.debian.net/tracker/CVE-2009-2431
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2432
    http://security-tracker.debian.net/tracker/CVE-2009-2432

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpd3pMACgkQNxpp46476aqM3ACfcibxTeb3VlsmO3Pw5hgJ3M1z
Q7cAn1FSBrFa0HcY8uSDEsEF1tBjGmzv
=g+1s
-----END PGP SIGNATURE-----