Lucene search
HistoryDec 27, 2012 - 11:47 a.m.
CVE-2012-5868
wordpress
cve-2012-5868
session cookie
logout
remote attack
replay attack
6.7 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.8%
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator’s logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress:wordpress | wordpress | eq | 3.4.2 |
Related
wpvulndb
wpvulndb
WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
2014-09-17 13:32:43
debiancve
debiancve
CVE-2012-5868
2012-12-27 11:47:00
patchstack
patchstack
WordPress <= 3.4.2
2012-11-14 00:00:00
prion
prion
Design/Logic Flaw
2012-12-27 11:47:00
seebug
seebug
WordPress 'wp-login.php'安全绕过漏洞(CVE-2012-5868)
2012-12-24 00:00:00
ubuntucve
ubuntucve
CVE-2012-5868
2012-12-27 00:00:00
openvas
openvas
WordPress <= 3.4.2 Multiple Vulnerabilities
2022-12-08 00:00:00
6.7 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.8%
Related for CVE-2012-5868