admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-54xx/CVE-2017-5493.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

144 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-5493",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-01-15T02:59:03.077",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup."
},
{
"lang": "es",
"value": "wp-includes/ms-functions.php en la API Multisite WordPress en WordPress en versiones anteriores a 4.7.1 no elige adecuadamente los n\u00fameros aleatorios para claves, lo que hace que m\u00e1s f\u00e1cil para atacantes remotos eludir las restricciones destinadas al acceso a trav\u00e9s de una inscripci\u00f3n del (1) sitio o (2) usuario manipulado."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.7",
"matchCriteriaId": "5C55F44C-4A71-4C47-9908-071A23D46939"
}
]
}
]
}
],
"references": [
{
"url": "http://www.debian.org/security/2017/dsa-3779",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2017/01/14/6",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/95401",
"source": "cve@mitre.org"
},
{
"url": "http://www.securitytracker.com/id/1037591",
"source": "cve@mitre.org"
},
{
"url": "https://codex.wordpress.org/Version_4.7.1",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://wpvulndb.com/vulnerabilities/8721",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink