Lucene search
MitreCVE-2011-4898HistoryJan 30, 2012 - 5:55 p.m.
CVE-2011-4898
2012-01-3017:55:00
CWE-200
mitre
web.nvd.nist.gov
42
cve-2011-4898
wordpress
wordpress 3.3.1
installation component
error messages
mysql
remote attackers
brute-force attacks
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.3
Confidence
Low
EPSS
0.008
Percentile
82.4%
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective
Affected configurations
Node
wordpresswordpressRange≤3.3.1
ORwordpresswordpressMatch0.7
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch0.72
ORwordpresswordpressMatch0.711
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.3
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.0
ORwordpresswordpressMatch3.0.1
ORwordpresswordpressMatch3.0.2
ORwordpresswordpressMatch3.0.3
ORwordpresswordpressMatch3.0.4
ORwordpresswordpressMatch3.0.5
ORwordpresswordpressMatch3.0.6
ORwordpresswordpressMatch3.1
ORwordpresswordpressMatch3.1.1
ORwordpresswordpressMatch3.1.2
ORwordpresswordpressMatch3.1.3
ORwordpresswordpressMatch3.1.4
ORwordpresswordpressMatch3.2.1
ORwordpresswordpressMatch3.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.7 | cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71 | cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.72 | cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.711 | cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0 | cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.1 | cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.2 | cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2 | cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.1 | cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:* |
Related
patchstack
patchstack
WordPress <= 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
nvd
nvd
CVE-2011-4898
2012-01-30 17:55:00
CVE-2012-0937
2012-01-30 17:55:01
prion
prion
Design/Logic Flaw
2012-01-30 17:55:00
Design/Logic Flaw
2012-01-30 17:55:00
debiancve
debiancve
CVE-2011-4898
2012-01-30 17:55:00
CVE-2012-0937
2012-01-30 17:55:01
cvelist
cvelist
CVE-2011-4898
2012-01-30 17:00:00
CVE-2012-0937
2012-01-30 17:00:00
ubuntucve
ubuntucve
CVE-2011-4898
2012-01-30 00:00:00
CVE-2012-0937
2012-01-30 00:00:00
cve
cve
CVE-2012-0937
2012-01-30 17:55:01
exploitpack
exploitpack
WordPress 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
packetstorm
packetstorm
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
seebug
seebug
wordpress <= 3.3.1 - Multiple Vulnerabilities
2014-07-01 00:00:00
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
securityvulns
securityvulns
TWSL2012-002: Multiple Vulnerabilities in WordPress
2012-02-13 00:00:00
zdt
zdt
WordPress <= 3.3.1 Multiple Vulnerabilities
2012-01-25 00:00:00
openvas
openvas
WordPress 'setup-config.php' Multiple Vulnerabilities
2012-02-01 00:00:00
exploitdb
exploitdb
WordPress Core 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.3
Confidence
Low
EPSS
0.008
Percentile
82.4%
Related for CVE-2011-4898