CVE Request: W3 Total Cache - public cache exposure
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Fri, 28 Dec 2012 09:04:49 +0100

W3 Total Cache: http://wordpress.org/extend/plugins/w3-total-cache/

CVE request for three separate issues:

1. Cache allows directory listing of hash-key listings, exposing hash keys.
2. Hash keys are easily predictable, in the case of (1) not existing.
3. Cached database values are downloadable by their hash keys on the public
   internet, exposing sensitive information like password hashes.

Fixing (3) mitigates (1) and (2), so assign this either three CVEs or one

The vendor, copied on this email, currently has not issued a fix.