CVE-2008-3747 - Vulnerability Details

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

OR	cpe:2.3:a:wordpress:wordpress:0.6.2:::::::*
	cpe:2.3:a:wordpress:wordpress:0.6.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:0.7:::::::*
	cpe:2.3:a:wordpress:wordpress:0.71:::::::*
	cpe:2.3:a:wordpress:wordpress:0.72:::::::*
	cpe:2.3:a:wordpress:wordpress:0.72:beta1::::::
	cpe:2.3:a:wordpress:wordpress:0.72:beta2::::::
	cpe:2.3:a:wordpress:wordpress:0.72:rc1::::::
	cpe:2.3:a:wordpress:wordpress:0.711:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2:beta::::::
	cpe:2.3:a:wordpress:wordpress:1.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.7:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.9:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.10:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.11:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3:beta3::::::
	cpe:2.3:a:wordpress:wordpress:2.3:rc1::::::
	cpe:2.3:a:wordpress:wordpress:2.3.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.1:rc1::::::
	cpe:2.3:a:wordpress:wordpress:2.3.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6:::::::*

No data.

References

Link	Providers
http://trac.wordpress.org/ticket/7359
http://www.openwall.com/lists/oss-security/2008/08/19/1
http://www.openwall.com/lists/oss-security/2008/08/20/3
http://www.securityfocus.com/bid/30750
https://exchange.xforce.ibmcloud.com/vulnerabilities/44569

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-08-27T15:00:00

Updated: 2024-08-07T09:52:59.280Z

Reserved: 2008-08-20T00:00:00

Link: CVE-2008-3747

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-08-27T15:21:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3747

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object