NVD

Id
32953  
Name
CVE-2014-5204  
Description
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-08-18  
Modified Date
2015-11-25  
Seq
2014-5204  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
172991 32953 CVE-2014-5204 [oss-security] 20140813 Re: WordPress 3.9.2 release - needs CVE"s  View
172992 32953 CVE-2014-5204 DSA-3001  View
172993 32953 CVE-2014-5204 https://core.trac.wordpress.org/changeset/29384  View
172994 32953 CVE-2014-5204 https://wordpress.org/news/2014/08/wordpress-3-9-2/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14971 JVNDB-2014-003846 WordPress の wp-includes/pluggable.php における CSRF 保護メカニズムを回避される脆弱性 WordPress の wp-includes/pluggable.php は、nonce の文字が不正かどうかに応じて、異なるタイミングで不正な CSRF nonce を拒否するため、CSRF 保護メカニズムを回避される脆弱性が存在します。 CVE-2014-5204 72493 CVE-2014-5204 32953 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003846.html 2014-08-06 2014-08-19 View