Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-281
Vulnerability from certfr_avis
Plusieurs vulnérabilités permettant, entre autres, la réalisation d'injection de code indirecte et de contourner la politique de sécurité ont été corrigées.
Description
Plusieurs vulnérabilités ont été corrigées dont une concernant un défaut de traitement des URL. Elle permet d'accéder à des données confidentielles au moyen d'une URL spécialement écrite et cela au détriement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WordPress version MU 2.7.1 et ant\u00e9rieures.",
"product": {
"name": "WordPress",
"vendor": {
"name": "WordPress",
"scada": false
}
}
},
{
"description": "WordPress version 2.8.1 et ant\u00e9rieures ;",
"product": {
"name": "WordPress",
"vendor": {
"name": "WordPress",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dont une concernant un d\u00e9faut\nde traitement des URL. Elle permet d\u0027acc\u00e9der \u00e0 des donn\u00e9es\nconfidentielles au moyen d\u0027une URL sp\u00e9cialement \u00e9crite et cela au\nd\u00e9triement de la politique de s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2334",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2334"
},
{
"name": "CVE-2009-2336",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2336"
},
{
"name": "CVE-2009-2335",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2335"
}
],
"initial_release_date": "2009-07-16T00:00:00",
"last_revision_date": "2009-07-16T00:00:00",
"links": [
{
"title": "Bulletin de mise \u00e0 jour WordPress 2.8.1 du 09 juillet 2009 :",
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
}
],
"reference": "CERTA-2009-AVI-281",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant, entre autres, la r\u00e9alisation\nd\u0027injection de code indirecte et de contourner la politique de s\u00e9curit\u00e9\nont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans WordPress",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mise \u00e0 jour WordPress 2.8.1 du 9 juillet 2009",
"url": null
}
]
}
CVE-2009-2334 (GCVE-0-2009-2334)
Vulnerability from cvelistv5
Published
2009-07-10 20:25
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "http://wordpress.org/development/2009/07/wordpress-2-8-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2334",
"datePublished": "2009-07-10T20:25:00",
"dateReserved": "2009-07-05T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2335 (GCVE-0-2009-2335)
Vulnerability from cvelistv5
Published
2009-07-10 20:25
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2335",
"datePublished": "2009-07-10T20:25:00",
"dateReserved": "2009-07-05T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2336 (GCVE-0-2009-2336)
Vulnerability from cvelistv5
Published
2009-07-10 20:25
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2336",
"datePublished": "2009-07-10T20:25:00",
"dateReserved": "2009-07-05T00:00:00",
"dateUpdated": "2024-08-07T05:44:56.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…