CVE

Id
76338  
CVE No.
CVE-2014-9037  
Status
Candidate  
Description
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.  
Phase
Assigned (20141120)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
703538 76338 CVE-2014-9037 MLIST:[oss-security] 20141125 Re: WordPress 4.0.1 Security Release  View
703539 76338 CVE-2014-9037 URL:http://openwall.com/lists/oss-security/2014/11/25/12  View
703540 76338 CVE-2014-9037 CONFIRM:https://wordpress.org/news/2014/11/wordpress-4-0-1/  View
703541 76338 CVE-2014-9037 CONFIRM:http://advisories.mageia.org/MGASA-2014-0493.html  View
703542 76338 CVE-2014-9037 DEBIAN:DSA-3085  View
703543 76338 CVE-2014-9037 URL:http://www.debian.org/security/2014/dsa-3085  View
703544 76338 CVE-2014-9037 MANDRIVA:MDVSA-2014:233  View
703545 76338 CVE-2014-9037 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:233  View
703546 76338 CVE-2014-9037 SECTRACK:1031243  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
18967 JVNDB-2014-007842 ownCloud Server の user_external の FTP バックエンドにおける認証要件を回避される脆弱性 ownCloud Server の user_external の FTP バックエンドには、認証要件を回避される脆弱性が存在します。 CVE-2014-9045 76338 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007842.html  View