CVE-2017-11658

Affected configuration(s):

cpe:/a:wp-rocket:wp-rocket:1.3.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:1.3.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:1.3.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:1.3.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:1.3.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:1.3.5::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:1.3.6::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:1.3.7::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.0.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.0.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.0.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.0.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.0.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.0.5::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.1.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.1.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.2.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.2.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.2.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.2.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.5::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.6::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.7::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.8::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.9::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.10::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.3.11::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.4.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.4.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.4.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.5::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.6::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.7::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.8::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.9::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.10::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.11::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.5.12::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.1.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.5::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.6::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.7::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.8::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.9::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.10::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.11::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.12::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.13::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.14::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.15::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.6.16::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.7.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.7.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.7.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.7.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.7.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.5::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.6::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.7::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.8::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.9::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.10::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.11::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.12::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.13::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.14::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.15::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.16::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.17::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.18::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.19::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.20::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.21::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.8.23::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.3::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.4::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.5::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.6::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.7::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.8::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.8.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.9::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.10::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.9.11::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.10.0::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.10.1::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.10.2::~~~wordpress~~
cpe:/a:wp-rocket:wp-rocket:2.10.3::~~~wordpress~~

Date published: 2017-07-26T11:29:00.250-04:00

Date last modified: 2017-08-04T10:20:44.010-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890

Summary: In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) — however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00…/.%00…/ attack.
