Описание
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | |
| devel | ignored | |
| esm-apps/bionic | ignored | |
| esm-apps/xenial | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
Показывать по
2.6 Low
CVSS2
Связанные уязвимости
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
2.6 Low
CVSS2