CVE-2011-4898 in WordPressinformazioni

Riassunto

di MITRE

** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

23/12/2011

Divulgazione

30/01/2012

Moderazione

accettato

Voce

VDB-60053

CPE

pronto

CWE

CWE-200 (confermato)

Sfruttamento

Scaricare

CVSS

5.0 (NVD)

EPSS

0.09551

KEV

Attività

molto basso

Settore

Hostingprovider, Lawfirm, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4898
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4898
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4898/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you know our Splunk app?

Download it now for free!