Lucene search
HistoryJan 09, 2007 - 12:28 a.m.
CVE-2007-0109
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.012
Percentile
85.0%
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
Affected configurations
Node
wordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.3
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
References
Related
prion
prion
Information disclosure
2007-01-09 00:28:00
debiancve
debiancve
CVE-2007-0109
2007-01-09 00:28:00
cvelist
cvelist
CVE-2007-0109
2007-01-09 00:00:00
cve
cve
CVE-2007-0109
2007-01-09 00:28:00
ubuntucve
ubuntucve
CVE-2007-0109
2007-01-09 00:00:00
patchstack
patchstack
WordPress <= 2.0.5 - Dictionnary & Bruteforce attack
2007-01-08 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200701-10 (wordpress)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200701-10 (wordpress)
2008-09-24 00:00:00
nessus
nessus
GLSA-200701-10 : WordPress: Multiple vulnerabilities
2007-01-17 00:00:00
gentoo
gentoo
WordPress: Multiple vulnerabilities
2007-01-15 00:00:00
securityvulns
securityvulns
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.012
Percentile
85.0%
Related for NVD:CVE-2007-0109