Lucene search
HistoryDec 27, 2012 - 11:47 a.m.
CVE-2012-5868
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
64.4%
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator’s logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Affected configurations
Node
wordpresswordpressMatch3.4.2
Related
seebug
seebug
WordPress 'wp-login.php'安全绕过漏洞(CVE-2012-5868)
2012-12-24 00:00:00
ubuntucve
ubuntucve
CVE-2012-5868
2012-12-27 00:00:00
cve
cve
CVE-2012-5868
2012-12-27 11:47:01
wpvulndb
wpvulndb
WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
2014-09-17 13:32:43
debiancve
debiancve
CVE-2012-5868
2012-12-27 11:47:01
patchstack
patchstack
WordPress <= 3.4.2
2012-11-14 00:00:00
prion
prion
Design/Logic Flaw
2012-12-27 11:47:00
cvelist
cvelist
CVE-2012-5868
2012-12-27 11:00:00
openvas
openvas
WordPress <= 3.4.2 Multiple Vulnerabilities
2022-12-08 00:00:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
64.4%
Related for NVD:CVE-2012-5868