Lucene search

Tenable5096.PRM

HistoryAug 18, 2004 - 12:00 a.m.

WordPress < 2.8.1 Multiple Vulnerabilities

2004-08-1800:00:00

Tenable

www.tenable.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.969

Percentile

99.7%

JSON

The remote host is running a version of WordPress earlier than 2.8.1. Such versions are reportedly affected by multiple vulnerabilities :

A username enumeration weakness caused by the application displaying different responses to login requests depending on the existence of the supplied username. (CVE-2009-2334)
A security-bypass vulnerability in the ‘wp-admin/admin.php’ script when it is called with the ‘pages’ parameter set to a plug-in configuration page. An authenticated attacker could exploit this to gain access to configuration scripts. (CVE-2009-2335)

Binary data 5096.prm

VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress

Vendor	Product	Version	CPE
wordpress	wordpress		cpe:/a:wordpress:wordpress

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2335

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2336

www.securityfocus.com/archive/1/504795/30/0/threaded

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.969

Percentile

99.7%

JSON

Related for 5096.PRM