Lucene search
HistoryJul 10, 2009 - 9:00 p.m.
CVE-2009-2432
cve-2009-2432
wordpress
wordpress mu
sensitive information disclosure
security vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.9%
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Affected configurations
Node
wordpresswordpressRange≤2.7.1
ORwordpresswordpressMatch0.6.2
ORwordpresswordpressMatch0.6.2beta_2
ORwordpresswordpressMatch0.6.2.1
ORwordpresswordpressMatch0.6.2.1beta_2
ORwordpresswordpressMatch0.7
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch0.71-gold
ORwordpresswordpressMatch0.72
ORwordpresswordpressMatch0.72beta1
ORwordpresswordpressMatch0.72beta2
ORwordpresswordpressMatch0.72rc1
ORwordpresswordpressMatch0.711
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0rc1
ORwordpresswordpressMatch1.0rc2
ORwordpresswordpressMatch1.0rc3
ORwordpresswordpressMatch1.0rc4
ORwordpresswordpressMatch1.0-platinum
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.1-miles
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.0.2-blakey
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2beta
ORwordpresswordpressMatch1.2-delta
ORwordpresswordpressMatch1.2-mingus
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.3.1
ORwordpresswordpressMatch1.4
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5-strayhorn
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch1.6
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.3
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.10_rc1
ORwordpresswordpressMatch2.0.10_rc2
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1alpha_3
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.1.3_rc1
ORwordpresswordpressMatch2.1.3_rc2
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.0
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.2_revision5002
ORwordpresswordpressMatch2.2_revision5003
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3beta3
ORwordpresswordpressMatch2.3rc1
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.1rc1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpress_muRange≤2.7
ORwordpresswordpress_muMatch1.1
ORwordpresswordpress_muMatch1.1.1
ORwordpresswordpress_muMatch1.2
ORwordpresswordpress_muMatch1.2.1
ORwordpresswordpress_muMatch1.2.2
ORwordpresswordpress_muMatch1.2.3
ORwordpresswordpress_muMatch1.2.4
ORwordpresswordpress_muMatch1.2.4rc1
ORwordpresswordpress_muMatch1.2.5a
ORwordpresswordpress_muMatch1.3
ORwordpresswordpress_muMatch1.3.1
ORwordpresswordpress_muMatch1.3.2
ORwordpresswordpress_muMatch1.3.3
ORwordpresswordpress_muMatch1.5rc1
ORwordpresswordpress_muMatch1.5.1
ORwordpresswordpress_muMatch2.6
ORwordpresswordpress_muMatch2.6.1
ORwordpresswordpress_muMatch2.6.2
ORwordpresswordpress_muMatch2.6.3
ORwordpresswordpress_muMatch2.6.5
References
Related
prion
prion
Information disclosure
2009-07-10 21:00:00
debiancve
debiancve
CVE-2009-2432
2009-07-10 21:00:00
ubuntucve
ubuntucve
CVE-2009-2432
2009-07-10 00:00:00
cvelist
cvelist
CVE-2009-2432
2009-07-10 20:25:00
patchstack
patchstack
WordPress <= 2.8.0 - Multiple vulnerabilities
2009-07-10 00:00:00
nvd
nvd
CVE-2009-2432
2009-07-10 21:00:00
openvas
openvas
WordPress / WordPress MU Multiple Vulnerabilities (Jul 2009)
2009-07-18 00:00:00
WordPress Multiple Vulnerabilities (Jul 2009)
2009-07-18 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.9%
Related for CVE-2009-2432