Lucene search

K

GoogleOSV:CVE-2017-5493

HistoryJan 15, 2017 - 2:59 a.m.

CVE-2017-5493

2017-01-1502:59:03

Google

osv.dev

8

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.6%

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

References

www.debian.org/security/2017/dsa-3779

www.openwall.com/lists/oss-security/2017/01/14/6

www.securityfocus.com/bid/95401

www.securitytracker.com/id/1037591

codex.wordpress.org/Version_4.7.1

github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4

wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/

wpvulndb.com/vulnerabilities/8721

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.6%

Related for OSV:CVE-2017-5493

wpvulndb1 debiancve1 cve1 nvd1 cvelist1 ubuntucve1 prion1 freebsd1 nessus16 openvas5 debian4 osv2 archlinux1