Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198107 Summary: CVE-2006-3390: Wordpress information disclosure Product: Fedora Extras Version: fc5 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3390 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wordpress AssignedTo: jwb@xxxxxxxxxx ReportedBy: ville.skytta@xxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: extras-qa@xxxxxxxxxxxxxxxxx,fedora-security- list@xxxxxxxxxx WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3390 This sounds to me like a "not an issue, installation paths are not a secret in Fedora", but a confirmation from someone familiar with Wordpress would be nice. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
