Vulnerability 73919 - CERT Civis.Net

Vulnerability Name:

CCN-73919

Published:

2012-03-11

Updated:

2012-03-11

Summary:

WordPress could allow a remote attacker to obtain sensitive information, cause by a weakness in the profile.php. An attacker could exploit this vulnerability using brute force techniques to enumerate the number of users of the application to possibly launch further attacks against the system.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Packet Storm Web site
WordPress 3.3.1 User Count Enumeration

Source: CCN
Type: WordPress Web site
WordPress

Source: XF
Type: UNKNOWN
wordpress-count-info-disclosure(73919)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:wordpress:wordpress:3.3.1:*:*:*:*:*:*:*

AND

cpe:/a:wordpress:wordpress:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK