FS#53945 : [wordpress]WordPress Core <= 4.7.4 Potential Unauthorized Password Reset [CVE-2017-8295]

FS#53945 - [wordpress]WordPress Core <= 4.7.4 Potential Unauthorized Password Reset [CVE-2017-8295]

Attached to Project: Community Packages
Opened by Filip Frackiewicz (notreallyhere) - Saturday, 06 May 2017, 11:17 GMT
Last edited by Alexander F. Rødseth (xyproto) - Sunday, 07 May 2017, 13:49 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Alexander F. Rødseth (xyproto) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Wordpress 4.7.4 has a vulnerability within its password reset feature. You can read more about it here:

https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html

http://seclists.org/bugtraq/2017/May/13

This task depends upon

Closed by Alexander F. Rødseth (xyproto)
Sunday, 07 May 2017, 13:49 GMT
Reason for closing: Fixed

Comment by Alexander F. Rødseth (xyproto) - Sunday, 07 May 2017, 13:26 GMT

The workaround is to configure the web server properly. For Apache, that means setting "UseCanonicalName" to "On".

Applying a patch. Hopefully upstream will fix this in a later release.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#53945 - [wordpress]WordPress Core <= 4.7.4 Potential Unauthorized Password Reset [CVE-2017-8295]

Details

Loading...