CVE-2014-9037
Summary
| CVE | CVE-2014-9037 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-11-25 23:59:00 UTC |
| Updated | 2016-06-30 16:58:00 UTC |
| Description | WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. |
Risk And Classification
Problem Types: CWE-310
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Mageia Project | Mageia | 3 | All | All | All |
| Operating System | Mageia Project | Mageia | 4 | All | All | All |
| Application | Wordpress | Wordpress | 3.8 | All | All | All |
| Application | Wordpress | Wordpress | 3.8.1 | All | All | All |
| Application | Wordpress | Wordpress | 3.8.2 | All | All | All |
| Application | Wordpress | Wordpress | 3.8.3 | All | All | All |
| Application | Wordpress | Wordpress | 3.8.4 | All | All | All |
| Application | Wordpress | Wordpress | 3.9 | All | All | All |
| Application | Wordpress | Wordpress | 3.9.1 | All | All | All |
| Application | Wordpress | Wordpress | 3.9.2 | All | All | All |
| Application | Wordpress | Wordpress | 4.0 | All | All | All |
| Application | Wordpress | Wordpress | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WordPress › WordPress 4.0.1 Security Release | CONFIRM | wordpress.org | Patch, Vendor Advisory |
| oss-security - Re: WordPress 4.0.1 Security Release | MLIST | openwall.com | |
| Debian -- Security Information -- DSA-3085-1 wordpress | DEBIAN | www.debian.org | |
| Support / Security / Advisories / / MDVSA-2014:233 \| Mandriva | MANDRIVA | www.mandriva.com | |
| Mageia Advisory: MGASA-2014-0493 - Updated wordpress package fixes security vulnerabilities | CONFIRM | advisories.mageia.org | |
| WordPress Bugs Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, and Denial of Service Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.