CVE-2017-5493

Опубликовано: 15 янв. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

Ссылки

http://www.debian.org/security/2017/dsa-3779
http://www.openwall.com/lists/oss-security/2017/01/14/6
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/95401
http://www.securitytracker.com/id/1037591
https://codex.wordpress.org/Version_4.7.1
Release Notes
Vendor Advisory
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
Patch
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Vendor Advisory
https://wpvulndb.com/vulnerabilities/8721
http://www.debian.org/security/2017/dsa-3779
http://www.openwall.com/lists/oss-security/2017/01/14/6
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/95401
http://www.securitytracker.com/id/1037591
https://codex.wordpress.org/Version_4.7.1
Release Notes
Vendor Advisory
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
Patch
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Vendor Advisory
https://wpvulndb.com/vulnerabilities/8721

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Версия до 4.7 (включая)

EPSS

Процентиль: 81%

0.01668

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-338

Связанные уязвимости

CVE-2017-5493

CVSS3: 7.5

ubuntu

больше 8 лет назад

CVE-2017-5493

CVSS3: 7.5

debian

больше 8 лет назад

wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ...

GHSA-q3gc-45gm-v55m

CVSS3: 7.5

github

около 3 лет назад

EPSS

Процентиль: 81%

0.01668

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-338