Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:WP-ADMIN-CONFIG-BYPASS

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 WordPress 'wp-admin/admin.php' Module Configuration Security Bypass

Release Date

 2013/05/09

Update Number

 2262

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WordPress 'wp-admin/admin.php' Module Configuration Security Bypass


This signature detects attempts to exploit a known vulnerability against WordPress. It is due to insufficient validation of user supplied input in wp-admin/admin.php script. A successful attack can lead to unauthorized access within the context of affected application.

Extended Description

WordPress is prone to a security-bypass vulnerability. Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. Versions prior to the following are vulnerable: WordPress 2.8.1 WordPress MU 2.8.1

Affected Products

  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Armel
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Debian Linux 5.0
  • Debian Linux 5.0 Alpha
  • Debian Linux 5.0 Amd64
  • Debian Linux 5.0 Arm
  • Debian Linux 5.0 Armel
  • Debian Linux 5.0 Hppa
  • Debian Linux 5.0 Ia-32
  • Debian Linux 5.0 Ia-64
  • Debian Linux 5.0 M68k
  • Debian Linux 5.0 Mips
  • Debian Linux 5.0 Mipsel
  • Debian Linux 5.0 Powerpc
  • Debian Linux 5.0 S/390
  • Debian Linux 5.0 Sparc
  • Red Hat Fedora 10
  • Red Hat Fedora 11
  • WordPress 2.0.0
  • WordPress 2.0.1
  • WordPress 2.0.10
  • WordPress 2.0.10-RC1
  • WordPress 2.0.10-RC2
  • WordPress 2.0.11
  • WordPress 2.0.2
  • WordPress 2.0.3
  • WordPress 2.0.4
  • WordPress 2.0.5
  • WordPress 2.0.6
  • WordPress 2.0.7
  • WordPress 2.1
  • WordPress 2.1.1
  • WordPress 2.1.2
  • WordPress 2.1.3
  • WordPress 2.1.3-RC1
  • WordPress 2.1.3-RC2
  • WordPress 2.2
  • WordPress 2.2.1
  • WordPress 2.2.2
  • WordPress 2.2.3
  • WordPress 2.2 Revision 5002
  • WordPress 2.2 Revision 5003
  • WordPress 2.3
  • WordPress 2.3.1
  • WordPress 2.3.2
  • WordPress 2.3.3
  • WordPress 2.5
  • WordPress 2.5.1
  • WordPress 2.6
  • WordPress 2.6.1
  • WordPress 2.6.2
  • WordPress 2.6.5
  • WordPress 2.8
  • WordPress WordPress MU 2.6
  • WordPress WordPress MU 2.7
  • WordPress WordPress MU 2.7.1

References

  • BugTraq: 35584
  • CVE: CVE-2009-2334

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out