
List:       oss-security
Subject:    [oss-security] Re: CVE request: WordPress plugin vitamin traversal arbitrary file access
From:       cve-assign () mitre ! org
Date:       2014-07-28 23:10:34
Message-ID: 20140728231034.60C4F1F1BFB () smtpksrv1 ! mitre ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Can I get a 2012 CVE for the WordPress plugin vitamin path parameter traversal
> arbitrary file access vulnerability, thanks. Files: add_headers.php, minify.php
> 
> Affected: 1.0
> Fixed in: 1.1
> 
> Changelog: http://wordpress.org/plugins/vitamin/changelog/
> SCM: https://plugins.trac.wordpress.org/changeset/582232/vitamin

Use CVE-2012-6651. The scope of this CVE ID is the directory
traversal. It isn't directly about the ability to access .php
and .phtml files in unpatched versions, apparently corrected with
lines such as:

  if( 'php' == strtolower($ext) ) { die("Adding headers to php files is forbidden"); }

We did not research that in depth, but suspect that it may be a
usability fix rather than a security fix.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT1tc9AAoJEKllVAevmvmsbRwIAJhf/l3HLBx5f4HgY2yEozXF
alxy3DonvvENWr05OlFwLZI90MsYV+V4bvtFA9Qpnsun/Q202qu+/xWfhj6/2LKf
7FRS/7gSsdjUQSuSmyjgO8NpfW7y41D8Zt/+O9hjGj8K5FCuDjoBkuSblJvfW8x7
Lo/mZPrvyrjcSL5ZhUpff++IiLUo0yBWVddu2ehii2o9fjtPTQA2PCa6wZIdgoHv
Mv7p2QRVPvVubfM83WoxmpUq7uukNFYTnPivVgaqw9VqMKHNw6gJlD9o877AJOTk
HCTYa8cL16P85OlVqC2KR/0K+jwcyrtrIQGPBlR9px69TXa/HVsmzmsJSdD/Bzs=
=cnlx
-----END PGP SIGNATURE-----
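The reply above draws a line between the directory traversal (what CVE-2012-6651 covers) and the extension check on "php" that the fix also added. The PHP script below is an added example, not code from the vitamin plugin or from the thread: it contrasts an extension-only deny list, modelled on the quoted `die()` line, with a base-directory containment check built on `realpath()`, which is the kind of control that actually closes a traversal. The function names, the `css`/`js` allowlist, and the temporary directory layout are all assumptions made for the demonstration.

```php
<?php
// Added example (not the vitamin plugin's code): extension-only deny list
// versus base-directory containment for a "serve this static file" endpoint.

/**
 * Extension deny list only, modelled on the check quoted in the thread.
 * Nothing here looks at "../", so any non-.php file on disk is reachable.
 * Returns true if the request would be served.
 */
function allowed_by_extension_only(string $path): bool {
    $ext = pathinfo($path, PATHINFO_EXTENSION);
    return 'php' !== strtolower($ext);
}

/**
 * Containment check: resolve the request under $base with realpath() and
 * require the result to stay inside $base, then allow only the extensions
 * the endpoint is meant to serve (assumption: css and js).
 * Returns the resolved absolute path, or null when the request is rejected.
 */
function resolve_static_file(string $base, string $request): ?string {
    $allowed = ['css', 'js'];
    $base_real = realpath($base);
    if ($base_real === false) {
        return null;
    }
    // Reject NUL bytes before they reach the filesystem layer.
    if (strpos($request, "\0") !== false) {
        return null;
    }
    $candidate = realpath($base_real . DIRECTORY_SEPARATOR . $request);
    if ($candidate === false) {
        return null; // does not exist or cannot be resolved
    }
    // Compare against the base with a trailing separator so that a sibling
    // directory sharing the prefix (e.g. "public2") cannot pass as "public".
    $prefix = rtrim($base_real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    return $candidate;
}

// Constructed sample layout in a temp dir so the script runs offline:
//   $root/public/style.css   (what the endpoint is meant to serve)
//   $root/secret.txt         (a sibling outside the public dir)
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'vitamin-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/public', 0700, true);
file_put_contents($root . '/public/style.css', "body{}\n");
file_put_contents($root . '/secret.txt', "not for you\n");

// Constructed requests: a legitimate one, two traversals, one .php file.
$requests = ['style.css', '../secret.txt', '../../../../etc/passwd', 'style.css.php'];
foreach ($requests as $r) {
    printf("%-26s ext-only: %-5s  contained: %s\n",
        $r,
        allowed_by_extension_only($r) ? 'serve' : 'deny',
        resolve_static_file($root . '/public', $r) ?? 'deny'
    );
}

// Cleanup of the constructed layout.
unlink($root . '/public/style.css');
unlink($root . '/secret.txt');
rmdir($root . '/public');
rmdir($root);
```

Run with `php` on the command line. The extension-only check denies `style.css.php` yet happily serves `../secret.txt` and `../../../../etc/passwd`, which is exactly why that line alone does not address the traversal; the containment check denies both traversals regardless of extension and only serves the file that really lives under the public directory.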