CVE-2013-0235
Published: 2013-07-08
Priority: P348 · medium · CVSS 2.0 base score 6.4
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 28.86% (97.9th percentile)
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Affected
86 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 3.5.1+dfsg-1 (bookworm) | wordpress 3.5.1+dfsg-1 (bookworm) |
| debian | wordpress | < wordpress 3.5.2+dfsg-1 (bookworm) | wordpress 3.5.2+dfsg-1 (bookworm) |
| wordpress | wordpress | <= 3.5.1 | — |
| wordpress | wordpress | <= 3.5.0 | — |
Detection & IOCs (extracted from sources)
- Detect inbound XMLRPC pingback requests with crafted source URLs targeting internal/intranet addresses — indicative of SSRF abuse via the WordPress Pingback API.
- Monitor WordPress sites for Pingback API availability (xmlrpc.php responding to pingback.ping method calls); active scanning for this endpoint is a precursor to SSRF/port-scan exploitation.
- Flag outbound HTTP requests originating from the WordPress process to RFC-1918 or loopback addresses, which may indicate SSRF exploitation via the pingback source URL parameter.
- Vulnerability is fixed in WordPress 3.5.1; any installation running a version prior to 3.5.1 is affected. Patch was applied at changeset 23330.
- The related CVE-2013-2199 (HTTP API SSRF) was not fixed until WordPress 3.5.2; environments patched only to 3.5.1 remain vulnerable to that variant.
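The detection notes above describe one pattern from two sides: on the way in, a `pingback.ping` call whose `sourceURI` names an internal host or an unusual port; on the way out, the request the WordPress process then makes to that host. The Python below is an added example, not code from WordPress or from any source listed on this page. It triages an inbound `xmlrpc.php` POST body offline against the inbound side of that pattern: it parses the XML-RPC method call, takes the first parameter (the pingback source URL) and reports why it looks like an internal or port-scan target. The request body is constructed for the example; the hostname check only judges literal IP addresses and `localhost`, because a public name that resolves to an internal address can only be caught after resolution, on the egress side.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample body: a pingback.ping call whose sourceURI points at a
# loopback address on a non-HTTP port, the SSRF / port-scan shape the
# detection notes describe. Not a captured request.
SAMPLE_REQUEST = """<?xml version="1.0"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value><string>http://127.0.0.1:22/</string></value></param>
    <param><value><string>http://blog.example/2013/01/some-post/</string></value></param>
  </params>
</methodCall>
"""


def parse_method_call(body: str):
    """Return (methodName, [string params]) from an XML-RPC methodCall body.

    Handles both <value><string>..</string></value> and the bare
    <value>..</value> form the XML-RPC spec allows for strings.
    """
    root = ET.fromstring(body)
    method = (root.findtext("methodName") or "").strip()
    params = []
    for value in root.findall("./params/param/value"):
        string_elem = value.find("string")
        text = string_elem.text if string_elem is not None else value.text
        params.append((text or "").strip())
    return method, params


def suspicious_target_reasons(url: str) -> list:
    """Why a pingback sourceURI looks like an internal / port-scan target.

    An empty list means nothing stood out. Only literal IPs and localhost
    are judged here; a public hostname that resolves to an internal address
    needs a post-resolution check where the outbound request leaves.
    """
    reasons = []
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        reasons.append("non-http scheme %r" % parts.scheme)
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        reasons.append("loopback hostname")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not a literal address (a DNS name or empty)
    # is_global is False for loopback, RFC-1918, link-local and other
    # reserved ranges, for both IPv4 and IPv6.
    if ip is not None and not ip.is_global:
        reasons.append("non-public address %s" % ip)
    try:
        port = parts.port
    except ValueError:
        port = None
        reasons.append("malformed port")
    if port is not None and port not in (80, 443):
        reasons.append("unusual port %d" % port)
    return reasons


def triage_pingback(body: str) -> dict:
    """Triage one xmlrpc.php POST body; a non-empty 'reasons' list is the alert."""
    method, params = parse_method_call(body)
    finding = {"method": method, "source_uri": None, "reasons": []}
    if method != "pingback.ping" or not params:
        return finding
    finding["source_uri"] = params[0]
    finding["reasons"] = suspicious_target_reasons(params[0])
    return finding


if __name__ == "__main__":
    print(triage_pingback(SAMPLE_REQUEST))
```

The function is meant to sit where POST bodies for `xmlrpc.php` are already visible (a reverse proxy, a WAF rule engine or a log replay job) and to emit the `reasons` list to the SIEM. Two caveats follow from the notes on this page: a sourceURI with a harmless-looking public hostname can still resolve to an intranet address, so the outbound-side check (WordPress process connecting to RFC-1918 or loopback) is the one that closes that gap; and for untrusted XML in production, parse with `defusedxml` rather than the standard-library parser used here for portability.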
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| osv | — | 6.4 | MEDIUM | — |
| vendor_debian | — | 6.4 | MEDIUM | — |
Debian
CVE-2013-0235 [MEDIUM] wordpress · vendor_debian · 2013 · CVSS 6.4
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Scope: local
bookworm: resolved (fixed in 3.5.1+dfsg-1)
bullseye: resolved (fixed in 3.5.1+dfsg-1)
forky: resolved (fixed in 3.5.1+dfsg-1)
sid: resolved (fixed in 3.5.1+dfsg-1)
trixie: resolved (fixed in 3.5.1+dfsg-1)
Debian
CVE-2013-2199 [MEDIUM] wordpress · vendor_debian · 2013 · CVSS 6.4
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.
Scope: local
bookworm: resolved (fixed in 3.5.2+dfsg-1)
bullseye: resolved (fixed in 3.5.2+dfsg-1)
forky: resolved (fixed in 3.5.2+dfsg-1)
sid: resolved (fixed in 3.5.2+dfsg-1)
trixie: resolved (fixed in 3.5.2+dfsg-1)
GHSA
GHSA-7372-64f4-g53c (CVE-2013-2199) [MEDIUM] · ghsa_unreviewed · 2022-05-17 · CVSS 6.4
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.
GHSA
GHSA-h9g4-hjrv-3hqw (CVE-2013-0235) [MEDIUM] · ghsa_unreviewed · 2022-05-05
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
OSV
CVE-2013-2199 [MEDIUM] · osv · 2013-07-08 · CVSS 6.4
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.
OSV
CVE-2013-0235 [MEDIUM] · osv · 2013-07-08 · CVSS 6.4
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
No detection rules found.
Bugzilla
CVE-2014-0235 [MEDIUM] php: file: extensive backtracking in awk rule regular expression (incomplete fix for CVE-2013-7345) [fedora-all]
bugzilla · 2014-06-30 · CVSS 5.0
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field wh
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 [MEDIUM] wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version
bugzilla · 2013-06-21 · CVSS 6.4
On Friday, 2013-06-21 WordPress upstream is about to release new WordPress v3.5.2 version, correcting the following security flaws:
* CVE-2013-2199 - SSRF, multiple vulnerabilities: Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1.
* CVE-2013-2200 - Privilege escalation allowing contributors to publish posts: Inadequate checking of a user's capabilities could allow them to publish posts when thei
Bugzilla
CVE-2013-0235 [MEDIUM] wordpress: Server-side request forgery and remote port scanning using pingbacks
bugzilla · 2013-01-25 · CVSS 6.4
From WordPress upstream v3.5.1 advisory [1]:
* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
References:
[1] http://wordpress.org/news/2013/01/wordpress-3-5-1/
[2] http://www.openwall.com/lists/oss-security/2013/01/25/7
Discussion:
This issue affects the versions of the wordpress package, as shipped with Fedora release of 16, 17, and 18. Please schedule an update.
--
This
Bugzilla
CVE-2013-0235 CVE-2013-0236 CVE-2013-0237 [MEDIUM] wordpress various flaws [fedora-all]
bugzilla · 2013-01-25 · CVSS 6.4
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available.
Please note: this issue af
Bugzilla
CVE-2013-0235 CVE-2013-0236 CVE-2013-0237 [MEDIUM] wordpress various flaws [epel-all]
bugzilla · 2013-01-25 · CVSS 6.4
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available.
Please note: this issue
References
- http://codex.wordpress.org/Version_3.5.1
- http://core.trac.wordpress.org/changeset/23330
- http://wordpress.org/news/2013/01/wordpress-3-5-1/
- http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
- https://bugzilla.redhat.com/show_bug.cgi?id=904120