Bug 198107 (CVE-2006-3390) - CVE-2006-3390: Wordpress information disclosure
Summary: CVE-2006-3390: Wordpress information disclosure
Status: CLOSED NOTABUG
Alias: CVE-2006-3390
Product: Fedora
Classification: Fedora
Component: wordpress
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: John Berninger
QA Contact: Fedora Extras Quality Assurance
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Keywords: Security
Depends On:
Blocks:
Reported: 2006-07-09 18:54 UTC by Ville Skyttä
Modified: 2007-11-30 22:11 UTC
Last Closed: 2006-07-20 12:14:20 UTC



Description Ville Skyttä 2006-07-09 18:54:57 UTC
WordPress 2.0.3 allows remote attackers to obtain the installation path via a
direct request to various files, such as those in the (1) wp-admin, (2)
wp-content, and (3) wp-includes directories, possibly due to uninitialized
variables.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3390

This sounds to me like a "not an issue, installation paths are not a secret in
Fedora", but a confirmation from someone familiar with Wordpress would be nice.

Comment 1 John Berninger 2006-07-09 19:13:30 UTC
Not only are installation paths not secret, but there doesn't seem to be any true
information leak:
http://www.securityfocus.com/archive/1/439031/100/0/threaded

If there are no objections within a few days to a week, I'll close this NOTBUG
at that time.

