Ubuntu.comUB:CVE-2014-9037

HistoryNov 25, 2014 - 12:00 a.m.

CVE-2014-9037

2014-11-2500:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x
before 4.0.1 might allow remote attackers to obtain access to an account
idle since 2008 by leveraging an improper PHP dynamic type comparison for
an MD5 hash.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425>

References

www.openwall.com/lists/oss-security/2014/11/25/12

launchpad.net/bugs/cve/CVE-2014-9037

nvd.nist.gov/vuln/detail/CVE-2014-9037

security-tracker.debian.org/tracker/CVE-2014-9037

wordpress.org/news/2014/11/wordpress-4-0-1/

www.cve.org/CVERecord?id=CVE-2014-9037

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for UB:CVE-2014-9037