Comments on: Wordpress Is Dangerous! Upgrade Now! http://www.901am.com/2007/wordpress-is-dangerous-upgrade-now.html New Media News Every Morning Mon, 22 Mar 2010 01:10:32 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: hoodiaweightloss http://www.901am.com/2007/wordpress-is-dangerous-upgrade-now.html/comment-page-1#comment-3088 hoodiaweightloss Mon, 30 Apr 2007 01:35:58 +0000 http://www.actionwebtools.com/~nine01am/?p=1141#comment-3088 Wanted to compliment on your site, it looks really good . Hank Wanted to compliment on your site, it looks really good .

Hank

]]> By: Wordpress Vulnerability, CSRF/XSS Details » Justin Shattuck » Blog Archive http://www.901am.com/2007/wordpress-is-dangerous-upgrade-now.html/comment-page-1#comment-2002 Wordpress Vulnerability, CSRF/XSS Details » Justin Shattuck » Blog Archive Sat, 03 Mar 2007 04:22:58 +0000 http://www.actionwebtools.com/~nine01am/?p=1141#comment-2002 [...] Wordpress is dangerous, Upgrade now! seems to be a headline that is traveling the blogosphere in reference to the Wordpress 2.1.1 release. According to numerous websites, there are a number of vulnerabilities that are included within the 2.1.1 release and Wordpress.org is notifying their users of a dangerous release and asking everyone to download the new 2.1.2. [...] [...] Wordpress is dangerous, Upgrade now! seems to be a headline that is traveling the blogosphere in reference to the Wordpress 2.1.1 release. According to numerous websites, there are a number of vulnerabilities that are included within the 2.1.1 release and Wordpress.org is notifying their users of a dangerous release and asking everyone to download the new 2.1.2. [...]

]]> By: Justin Shattuck http://www.901am.com/2007/wordpress-is-dangerous-upgrade-now.html/comment-page-1#comment-2001 Justin Shattuck Sat, 03 Mar 2007 03:58:45 +0000 http://www.actionwebtools.com/~nine01am/?p=1141#comment-2001 This is what I get for being lazy. This vulnerability was actually discovered and written up on Feb 27, 2007. However, if your host is a little on edge and utlizing mod_securit you're absolutely fine. Mod_security, if using some moderate security signatures should detect the %3E and script string within the URI during the attack vector and deliver an error 500. I was going to write about this two days ago but got tied up with work. But once again, there were five new attack vectors released and all 5 should be harmless if mod_security is included within apache on your host. Just FYI This is what I get for being lazy. This vulnerability was actually discovered and written up on Feb 27, 2007. However, if your host is a little on edge and utlizing mod_securit you’re absolutely fine. Mod_security, if using some moderate security signatures should detect the %3E and script string within the URI during the attack vector and deliver an error 500.

I was going to write about this two days ago but got tied up with work. But once again, there were five new attack vectors released and all 5 should be harmless if mod_security is included within apache on your host.

Just FYI

]]>