PRIOn knowledge basePRION:CVE-2009-2335

HistoryJul 10, 2009 - 9:00 p.m.

Design/Logic Flaw

2009-07-1021:00:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.7%

JSON

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for “user convenience.”

CPENameOperatorVersion
wordpresslt2.8.1
wordpress_mult2.8.1

CPE	Name	Operator	Version
	wordpress	lt	2.8.1
	wordpress_mu	lt	2.8.1

References

corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked

securitytracker.com/id?1022528

www.osvdb.org/55713

www.securityfocus.com/archive/1/504795/100/0/threaded

www.securityfocus.com/bid/35581

www.vupen.com/english/advisories/2009/1833

www.exploit-db.com/exploits/9110

www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.7%

JSON

Related for PRION:CVE-2009-2335