Lucene search

[email protected]NVD:CVE-2012-2401

HistoryApr 21, 2012 - 11:55 p.m.

CVE-2012-2401

2012-04-2123:55:01

CWE-264

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Affected configurations

NVD

Node

moxiecodepluploadRange≤1.5.3

moxiecodepluploadMatch1.4.0

moxiecodepluploadMatch1.4.1

moxiecodepluploadMatch1.4.2

moxiecodepluploadMatch1.4.3

moxiecodepluploadMatch1.5.0

moxiecodepluploadMatch1.5.0beta

moxiecodepluploadMatch1.5.1

moxiecodepluploadMatch1.5.2

wordpresswordpressRange≤3.3.1

wordpresswordpressMatch0.71

wordpresswordpressMatch1.0

wordpresswordpressMatch1.0.1

wordpresswordpressMatch1.0.2

wordpresswordpressMatch1.1.1

wordpresswordpressMatch1.2

wordpresswordpressMatch1.2.1

wordpresswordpressMatch1.2.2

wordpresswordpressMatch1.2.3

wordpresswordpressMatch1.2.4

wordpresswordpressMatch1.2.5

wordpresswordpressMatch1.2.5a

wordpresswordpressMatch1.3

wordpresswordpressMatch1.3.2

wordpresswordpressMatch1.3.3

wordpresswordpressMatch1.5

wordpresswordpressMatch1.5.1

wordpresswordpressMatch1.5.1.1

wordpresswordpressMatch1.5.1.2

wordpresswordpressMatch1.5.1.3

wordpresswordpressMatch1.5.2

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.2

wordpresswordpressMatch2.0.4

wordpresswordpressMatch2.0.5

wordpresswordpressMatch2.0.6

wordpresswordpressMatch2.0.7

wordpresswordpressMatch2.0.8

wordpresswordpressMatch2.0.9

wordpresswordpressMatch2.0.10

wordpresswordpressMatch2.0.11

wordpresswordpressMatch2.1

wordpresswordpressMatch2.1.1

wordpresswordpressMatch2.1.2

wordpresswordpressMatch2.1.3

wordpresswordpressMatch2.2

wordpresswordpressMatch2.2.1

wordpresswordpressMatch2.2.2

wordpresswordpressMatch2.2.3

wordpresswordpressMatch2.3

wordpresswordpressMatch2.3.1

wordpresswordpressMatch2.3.2

wordpresswordpressMatch2.3.3

wordpresswordpressMatch2.5

wordpresswordpressMatch2.5.1

wordpresswordpressMatch2.6

wordpresswordpressMatch2.6.1

wordpresswordpressMatch2.6.2

wordpresswordpressMatch2.6.3

wordpresswordpressMatch2.6.5

wordpresswordpressMatch2.7

wordpresswordpressMatch2.7.1

wordpresswordpressMatch2.8

wordpresswordpressMatch2.8.1

wordpresswordpressMatch2.8.2

wordpresswordpressMatch2.8.3

wordpresswordpressMatch2.8.4

wordpresswordpressMatch2.8.4a

wordpresswordpressMatch2.8.5

wordpresswordpressMatch2.8.5.1

wordpresswordpressMatch2.8.5.2

wordpresswordpressMatch2.8.6

wordpresswordpressMatch2.9

wordpresswordpressMatch2.9.1

wordpresswordpressMatch2.9.1.1

wordpresswordpressMatch2.9.2

wordpresswordpressMatch3.0

wordpresswordpressMatch3.0.1

wordpresswordpressMatch3.0.2

wordpresswordpressMatch3.0.3

wordpresswordpressMatch3.0.4

wordpresswordpressMatch3.0.5

wordpresswordpressMatch3.0.6

wordpresswordpressMatch3.1

wordpresswordpressMatch3.1.1

wordpresswordpressMatch3.1.2

wordpresswordpressMatch3.1.3

wordpresswordpressMatch3.3

References

core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487

core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487

osvdb.org/81461

secunia.com/advisories/49138

wordpress.org/news/2012/04/wordpress-3-3-2/

www.debian.org/security/2012/dsa-2470

www.plupload.com/punbb/viewtopic.php?id=1685

www.securityfocus.com/bid/53192

exchange.xforce.ibmcloud.com/vulnerabilities/75208

nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for NVD:CVE-2012-2401

veracode1 cvelist1 ubuntucve1 patchstack1 prion1 cve2 wpvulndb1 debiancve1 nvd1 freebsd1 openvas11 nessus7 fedora3 osv1 debian1