Package: wordpress
Version: 3.0.1-2~bpo50+1
Severity: minor

Wordpress includes an XML-RPC interface, provided by xmlrpc.php.

If a user agent makes an HTTP GET request for the XML-RPC interface, Wordpress responds with a 200 "OK" response. As the server is declining to accept a GET, this should really be HTTP 405 "Method Not Allowed" with a suitable Allow: header.

Here's an example HTTP response:

    HTTP/1.1 200 OK
    Date: Sun, 26 Sep 2010 16:59:05 GMT
    Server: Apache/2.2
    Cache-Control: max-age=0
    Expires: Sun, 26 Sep 2010 16:59:05 GMT
    Transfer-Encoding: chunked
    Content-Type: text/plain; charset=UTF-8

    XML-RPC server accepts POST requests only.

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.20-kvm-i386-20100823 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wordpress depends on:
ii  apache2-mpm-worker  2.2.9-10+lenny8          Apache HTTP Server - high speed th
ii  libjs-cropper       1.2.0-1                  JavaScript image cropper UI
ii  libjs-jquery        1.4.2-2~bpo50+1          JavaScript library for dynamic web
ii  libjs-prototype     1.6.0.2-4                JavaScript Framework for dynamic w
ii  libjs-scriptaculou  1.8.1-5                  JavaScript library for dynamic web
ii  libphp-phpmailer    1.73-6                   full featured email transfer class
ii  libphp-snoopy       1.2.4-1                  Snoopy is a PHP class that simulat
ii  mysql-client-5.0 [  5.0.51a-24+lenny4        MySQL database client binaries
ii  php-gettext         1.0.7-6                  read gettext MO files directly, wi
ii  php5                5.2.6.dfsg.1-1+lenny9    server-side, HTML-embedded scripti
ii  php5-gd             5.2.6.dfsg.1-1+lenny9    GD module for php5
ii  php5-mysql          5.2.6.dfsg.1-1+lenny9    MySQL module for php5
ii  tinymce             3.3.8-1~bpo50+1          platform independent web based Jav

Versions of packages wordpress recommends:
ii  wordpress-l10n      3.0.1-2~bpo50+1          weblog manager - language files

Versions of packages wordpress suggests:
ii  mysql-server-5.0 [mysq  5.0.51a-24+lenny4    MySQL database server binaries

-- no debconf information
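A small check for the behaviour this report asks for, as an added example that is not part of the original report or of WordPress: it parses a raw response to a refused method and flags a missing 405 status or Allow header. The function names and the EXPECTED response are constructed for illustration; REPORTED is the response quoted in the report.

```python
import re

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers, body.strip()

def audit_rejection(raw, method="GET"):
    """Return findings for a response that is meant to refuse `method`."""
    status, headers, _body = parse_response(raw)
    findings = []
    if status != 405:
        findings.append("status %d, expected 405 Method Not Allowed" % status)
    allowed = [m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()]
    if not allowed:
        findings.append("no Allow header listing the accepted methods")
    elif method.upper() in allowed:
        findings.append("Allow lists %s, the method being refused" % method.upper())
    return findings

# Response quoted in the report (body shown without chunk framing).
REPORTED = """HTTP/1.1 200 OK
Date: Sun, 26 Sep 2010 16:59:05 GMT
Server: Apache/2.2
Cache-Control: max-age=0
Expires: Sun, 26 Sep 2010 16:59:05 GMT
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

XML-RPC server accepts POST requests only."""

# Constructed sample: the response the report says should be sent instead.
EXPECTED = """HTTP/1.1 405 Method Not Allowed
Allow: POST
Content-Type: text/plain; charset=UTF-8

XML-RPC server accepts POST requests only."""

if __name__ == "__main__":
    for name, raw in (("reported", REPORTED), ("expected", EXPECTED)):
        print(name, audit_rejection(raw) or "compliant")
```

Clients, caches and monitoring that key on the status code treat the 200 as a successful GET, which is why the status and the Allow header matter more than the body text.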

