[wp-trac] [WordPress Trac] #10980: DoS in wp-trackbacks
WordPress Trac
wp-trac at lists.automattic.com
Wed Oct 21 15:40:49 UTC 2009
#10980: DoS in wp-trackbacks
--------------------------+-------------------------------------------------
 Reporter:  gomex         |       Owner:  ryan
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+-------------------------------------------------
Changes (by Otto42):

 * priority: high => normal
 * severity: critical => normal

Comment:

 Correction: The behavior of "trim" prevents the array possibility from
 working in this case, however I get different results with different
 versions of PHP.

 I suggest that this approach still be patched, as relying on undocumented
 (and unpredictable) behavior to prevent a security problem is not a great
 idea.

 However, the issue is not a critical one, as I cannot find a way to
 exploit 2.8.5 in this manner as of yet. I still think it's possible, but
 it's not trivial to do.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/10980#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software