CVE-2011-4898 in WordPress情報

要約

〜によって MITRE

** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

予約する

2011年12月23日

公開

2012年01月30日

モデレーション

承諾済み

エントリ

VDB-60053

CPE

準備完了

CWE

CWE-200 (確認済み)

エクスプロイト

ダウンロード

CVSS

5.0 (NVD)

EPSS

0.09551

KEV

いいえ

アクティビティ

非常低い

セクター

Hostingprovider, Lawfirm, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4898
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4898
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4898/

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!