CVE

Id
76339  
CVE No.
CVE-2014-9038  
Status
Candidate  
Description
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.  
Phase
Assigned (20141120)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
703547 76339 CVE-2014-9038 MLIST:[oss-security] 20141125 Re: WordPress 4.0.1 Security Release  View
703548 76339 CVE-2014-9038 URL:http://openwall.com/lists/oss-security/2014/11/25/12  View
703549 76339 CVE-2014-9038 CONFIRM:https://core.trac.wordpress.org/changeset/30444  View
703550 76339 CVE-2014-9038 CONFIRM:https://wordpress.org/news/2014/11/wordpress-4-0-1/  View
703551 76339 CVE-2014-9038 CONFIRM:http://advisories.mageia.org/MGASA-2014-0493.html  View
703552 76339 CVE-2014-9038 DEBIAN:DSA-3085  View
703553 76339 CVE-2014-9038 URL:http://www.debian.org/security/2014/dsa-3085  View
703554 76339 CVE-2014-9038 MANDRIVA:MDVSA-2014:233  View
703555 76339 CVE-2014-9038 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:233  View
703556 76339 CVE-2014-9038 SECTRACK:1031243  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
18966 JVNDB-2014-007841 ownCloud Server の OC_Util::getUrlContent 関数における任意のファイルを読まれる脆弱性 ownCloud Server の OC_Util::getUrlContent 関数には、任意のファイルを読まれる脆弱性が存在します。 CVE-2014-9046 76339 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007841.html  View