| VID | 21638 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
Serendipity is vulnerable to code injection through its bundled XML-RPC library. Serendipity is a weblog/blog system written in PHP, and XML-RPC is an open-source library for PHP. Serendipity versions prior to 0.8.2 and PEAR XML-RPC versions prior to 1.3.1 contain an unspecified vulnerability in the XML-RPC library that could allow a remote attacker to execute arbitrary PHP code on the system.
* References:
  http://www.securitytracker.com/alerts/2005/Jun/1014327.html
  http://secunia.com/advisories/15862/
  http://blog.s9y.org/archives/36-CRITICAL-BUGFIX-RELEASE-Serendipity-0.8.2.html
* Platforms Affected:
  S9y, Serendipity versions prior to 0.8.2
  PEAR XML-RPC versions prior to 1.3.1
  Any operating system, any version |
| Recommendation |
Upgrade to the latest version of PEAR XML-RPC (1.3.1 or later), available from the PEAR XML_RPC Download Web page at http://pear.php.net/manual/en/introduction.php
-- AND --
Upgrade to the latest version of Serendipity (0.8.2 or later), available from the SourceForge.net Web site at http://sourceforge.net/project/showfiles.php?group_id=75065 |
| Related URL | CVE-2005-1921 (CVE) |
| Related URL | 14088 (SecurityFocus) |
| Related URL | 21194 (ISS) |