
I have a website which is running Wordpress 6.4.2. Today I received a warning from the hosting service that my website is affected by the CVE-2017-5487 vulnerability, and that I have to do something to fix this. I have no idea what that is, a quick Google search suggested to upgrade to Wordpress 4.7.1 or later, but I already have 6.4.2. What can I try?

asked Jan 24, 2024 at 14:03 by user171780; edited Jan 24, 2024 at 14:38 by fuxia
  • Have you asked your host? Are you sure you don’t have an old install somewhere in your account? – Jacob Peattie, Jan 24, 2024 at 14:40
  • Yes, I asked. Their solution is to put the whole website behind a password protected thing, but this is not good for me because now only people with an account in such a system will be able to read, and I use it with students who have no credentials. Also, I am very sure there are no old installations. – user171780, Jan 24, 2024 at 16:21
  • Ask them to point you at the specific vulnerability then. If it's from a vulnerability scanner it should give you the file path it's found so you can investigate. You could also look for an exploit script for the CVE to test against your website so you can prove to them you're not impacted. – Rup, Jan 24, 2024 at 16:46

2 Answers

When WordPress enabled the REST API in Core in version 4.7, it enabled the endpoint /wp-json/wp/v2/users/ to list all users that have posted something to the site. Therefore that endpoint can be used by an attacker to find some or all of the administrator account usernames to target for password cracking, which is a potential security risk.

You can add a filter function to your functions.php in the current theme (wp-content/themes/your-theme/functions.php):

// Hook the REST route table; this filter runs on every REST request before the route is matched.
add_filter( 'rest_endpoints', 'secure_rest_endpoints' );

function secure_rest_endpoints( $endpoints ) {
    // Drop the collection route that lists users; all other routes are left untouched.
    if ( isset( $endpoints['/wp/v2/users'] ) ) {
        unset( $endpoints['/wp/v2/users'] );
    }

    return $endpoints;
}

This will block the users endpoint completely but allow the other parts of the REST API to keep working. You can change it to fit your needs.

https://developer.wordpress.org/reference/hooks/rest_endpoints/

The simplest way to block this exploit would be to add this rewrite rule to your .htaccess file:

# Answer 403 Forbidden for any request whose path contains the REST users route,
# with or without a trailing slash (/wp-json/wp/v2/users and /wp-json/wp/v2/users/1).
RewriteCond %{REQUEST_URI} /wp/v2/users(/|$) [NC]
RewriteRule .* - [F]

You may also want to add a rule to block user enumeration via standard permalink URLs like /?author=1.

# Leave the dashboard alone, where author= is a legitimate filter on post lists.
RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
# Match ?author=1, ?author=%31 and ?author=+1 style probes anywhere in the query string.
RewriteCond %{QUERY_STRING} author=(\%|\+|\d)
RewriteRule .* - [F]
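As an added example that is not part of either answer: the same two protections written in PHP for your theme's functions.php or a small plugin, so they also work on hosts without Apache and .htaccess (nginx, for example). Unlike the unconditional unset() in the first answer, this removes every /wp/v2/users route (including /wp/v2/users/<id>) but only for visitors who are not logged in, so the block editor's author dropdown keeps working for your own users. The function names are my own, not WordPress hooks.

```php
<?php
/**
 * Added example, not code from the original answers.
 * Put this in wp-content/themes/your-theme/functions.php or a small plugin.
 */

/**
 * Remove every /wp/v2/users route for anonymous REST callers.
 * The rest_endpoints filter runs after REST cookie/nonce authentication,
 * so is_user_logged_in() reflects the caller (0 for anonymous requests).
 */
add_filter( 'rest_endpoints', 'restrict_users_endpoint_to_logged_in' );
function restrict_users_endpoint_to_logged_in( $endpoints ) {
    if ( is_user_logged_in() ) {
        return $endpoints; // editors and admins keep the endpoint
    }
    foreach ( array_keys( $endpoints ) as $route ) {
        // Catches /wp/v2/users, /wp/v2/users/(?P<id>[\d]+) and /wp/v2/users/me.
        if ( 0 === strpos( $route, '/wp/v2/users' ) ) {
            unset( $endpoints[ $route ] );
        }
    }
    return $endpoints;
}

/**
 * Reject anonymous /?author=N probes with 403 on init, which is before
 * redirect_canonical() would redirect them to /author/<login>/ (the redirect
 * is what leaks the username). Dashboard and logged-in users are exempt.
 */
add_action( 'init', 'block_author_query_enumeration' );
function block_author_query_enumeration() {
    if ( is_admin() || is_user_logged_in() ) {
        return;
    }
    if ( ! isset( $_GET['author'] ) || ! is_string( $_GET['author'] ) ) {
        return;
    }
    // PHP has already URL-decoded the value, so %31 and +1 arrive as "1" and " 1";
    // a leading digit (after optional whitespace) is the numeric-ID probe shape.
    if ( preg_match( '/^\s*\d/', $_GET['author'] ) ) {
        status_header( 403 );
        nocache_headers();
        exit;
    }
}
```

After deploying, check both behaviours yourself: an anonymous request to /wp-json/wp/v2/users should now return a 404 JSON error with code rest_no_route, and /?author=1 should return 403 instead of redirecting, while the same requests made from a browser logged into wp-admin still behave as before. That is the evidence you can hand back to the host's scanner team.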
