Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-5113

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

Related bugs and status

CVE-2008-5113 (Candidate) is related to these bugs:

Bug #417322: Please merge wordpress 2.8.4-1(universe) from debian unstable(main)

Summary				In	Importance	Status
	417322	Please merge wordpress 2.8.4-1(universe) from debian unstable(main)		wordpress (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008111...
CONFIRM: http://bugs.debian.org...
DEBIAN: DSA-1871
XF: wordpress-request-weak...