Vulnerability CVE-2014-9037


Published: 2014-11-25   Modified: 2014-11-26

Description:
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
WordPress -> WordPress
Mageia project -> Mageia
Debian -> Debian Linux

References:
https://wordpress.org/news/2014/11/wordpress-4-0-1/
http://www.securitytracker.com/id/1031243
http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
http://www.debian.org/security/2014/dsa-3085
http://openwall.com/lists/oss-security/2014/11/25/12
http://advisories.mageia.org/MGASA-2014-0493.html

Copyright 2024, cxsecurity.com

 
