Lucene search
MitreCVE-2012-0937HistoryJan 30, 2012 - 5:55 p.m.
CVE-2012-0937
2012-01-3017:55:01
mitre
web.nvd.nist.gov
53
cve-2012-0937
wordpress
mysql
brute-force attacks
denial of service
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.6
Confidence
Low
EPSS
0.008
Percentile
82.4%
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time
Affected configurations
Node
wordpresswordpressRange≤3.3.1
ORwordpresswordpressMatch0.7
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch0.72
ORwordpresswordpressMatch0.711
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.3
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.0
ORwordpresswordpressMatch3.0.1
ORwordpresswordpressMatch3.0.2
ORwordpresswordpressMatch3.0.3
ORwordpresswordpressMatch3.0.4
ORwordpresswordpressMatch3.0.5
ORwordpresswordpressMatch3.0.6
ORwordpresswordpressMatch3.1
ORwordpresswordpressMatch3.1.1
ORwordpresswordpressMatch3.1.2
ORwordpresswordpressMatch3.1.3
ORwordpresswordpressMatch3.1.4
ORwordpresswordpressMatch3.2.1
ORwordpresswordpressMatch3.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.7 | cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71 | cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.72 | cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.711 | cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0 | cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.1 | cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.2 | cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2 | cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.1 | cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2012-0937
2012-01-30 17:00:00
CVE-2011-4898
2012-01-30 17:00:00
debiancve
debiancve
CVE-2012-0937
2012-01-30 17:55:01
CVE-2011-4898
2012-01-30 17:55:00
prion
prion
Design/Logic Flaw
2012-01-30 17:55:00
Design/Logic Flaw
2012-01-30 17:55:00
nvd
nvd
CVE-2012-0937
2012-01-30 17:55:01
CVE-2011-4898
2012-01-30 17:55:00
ubuntucve
ubuntucve
CVE-2012-0937
2012-01-30 00:00:00
CVE-2011-4898
2012-01-30 00:00:00
exploitdb
exploitdb
WordPress Core 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
patchstack
patchstack
WordPress <= 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
cve
cve
CVE-2011-4898
2012-01-30 17:55:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00
exploitpack
exploitpack
WordPress 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
packetstorm
packetstorm
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
seebug
seebug
wordpress <= 3.3.1 - Multiple Vulnerabilities
2014-07-01 00:00:00
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
securityvulns
securityvulns
TWSL2012-002: Multiple Vulnerabilities in WordPress
2012-02-13 00:00:00
zdt
zdt
WordPress <= 3.3.1 Multiple Vulnerabilities
2012-01-25 00:00:00
openvas
openvas
WordPress 'setup-config.php' Multiple Vulnerabilities
2012-02-01 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.6
Confidence
Low
EPSS
0.008
Percentile
82.4%
Related for CVE-2012-0937