Bug#862053: wordpress: CVE-2017-8295

2017-05-07 Thread Craig Small
Hi Markus, Thank you for the bug report. I was aware of this bug but haven't seen anything from the WordPress upstream yet. I'll give them a few days to see if they bring out an official patch or not. This only seems to work for IP-based virtual hosts. If your wordpress server uses named virtual

Bug#862053: wordpress: CVE-2017-8295

2017-05-07 Thread Markus Koschany
Package: wordpress
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: important
Tags: security

Hi,

the following vulnerability was published for wordpress.

CVE-2017-8295[0]:
| WordPress through 4.7.4 relies on the Host HTTP header for a
| password-reset