Lucene search

K

Ubuntu.comUB:CVE-2012-5868

HistoryDec 27, 2012 - 12:00 a.m.

CVE-2012-5868

2012-12-2700:00:00

ubuntu.com

ubuntu.com

8

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.8%

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an
administrator’s logout action, which makes it easier for remote attackers
to discover valid session identifiers via a brute-force attack, or modify
data via a replay attack.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696868>

Notes

Author	Note
ebarretto	non-issue, see: https://wordpress.org/support/topic/old-bug-cve-2012-5868

References

whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout

launchpad.net/bugs/cve/CVE-2012-5868

nvd.nist.gov/vuln/detail/CVE-2012-5868

security-tracker.debian.org/tracker/CVE-2012-5868

www.cve.org/CVERecord?id=CVE-2012-5868

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.8%

Related for UB:CVE-2012-5868

wpvulndb1 debiancve1 patchstack1 prion1 seebug1 cve1 openvas1