Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-2336
HistoryJul 10, 2009 - 9:00 p.m.

CVE-2009-2336

2009-07-1021:00:00
CWE-16
[email protected]
web.nvd.nist.gov
6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for โ€œuser convenience.โ€

Affected configurations

Nvd
Node
wordpresswordpressRange<2.8.1
OR
wordpresswordpress_muRange<2.8.1
VendorProductVersionCPE
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
wordpresswordpress_mu*cpe:2.3:a:wordpress:wordpress_mu:*:*:*:*:*:*:*:*

Related

patchstack 1
prion 1
cvelist 1
debiancve 1
cve 1
ubuntucve 1
seebug 3
fedora 4
nessus 4
openvas 13
securityvulns 2
packetstorm 1
exploitpack 1
zdt 1
exploitdb 1
patchstack
patchstack
WordPress <= 2.8.0 - Multiple Existing/Non-Existing Username Enumeration Weaknesses
2009-07-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2009-07-10 21:00:00
cvelist
cvelist
CVE-2009-2336
2009-07-10 20:25:00
debiancve
debiancve
CVE-2009-2336
2009-07-10 21:00:00
cve
cve
CVE-2009-2336
2009-07-10 21:00:00
ubuntucve
ubuntucve
CVE-2009-2336
2009-07-10 00:00:00
seebug
seebug
WordPressๅฃไปค้‡็ฝฎ็”จๆˆทๅๆžšไธพๆผๆดž
2009-07-10 00:00:00
WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-10 00:00:00
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
2009-07-09 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-2.8.1-1.fc10
2009-07-19 10:17:03
[SECURITY] Fedora 11 Update: wordpress-mu-2.8.4a-1.fc11
2009-08-15 08:09:49
[SECURITY] Fedora 11 Update: wordpress-2.8.1-1.fc11
2009-07-19 10:07:19
nessus
nessus
Fedora 10 : wordpress-mu-2.8.4a-1.fc10 (2009-8538)
2009-08-18 00:00:00
Fedora 11 : wordpress-2.8.1-1.fc11 (2009-7701)
2009-07-20 00:00:00
Fedora 11 : wordpress-mu-2.8.4a-1.fc11 (2009-8529)
2009-08-18 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-7729 (wordpress)
2009-07-29 00:00:00
Fedora Core 11 FEDORA-2009-7701 (wordpress)
2009-07-29 00:00:00
Fedora Core 11 FEDORA-2009-7701 (wordpress)
2009-07-29 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-07-09 00:00:00
CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-09 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0515
2009-07-08 00:00:00
exploitpack
exploitpack
WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures
2009-07-10 00:00:00
zdt
zdt
WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-10 00:00:00
exploitdb
exploitdb
WordPress Core / MU / Plugins - &#039;/admin.php&#039; Privileges Unchecked / Multiple Information Disclosures
2009-07-10 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON
Related for NVD:CVE-2009-2336
patchstack1prion1cvelist1debiancve1cve1ubuntucve1seebug3fedora4nessus4openvas13securityvulns2packetstorm1exploitpack1zdt1exploitdb1