NVD

Id
35859  
Name
CVE-2014-9038  
Description
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-11-25  
Modified Date
2015-10-05  
Seq
2014-9038  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
183617 35859 CVE-2014-9038 http://advisories.mageia.org/MGASA-2014-0493.html  View
183618 35859 CVE-2014-9038 [oss-security] 20141125 Re: WordPress 4.0.1 Security Release  View
183619 35859 CVE-2014-9038 DSA-3085  View
183620 35859 CVE-2014-9038 MDVSA-2014:233  View
183621 35859 CVE-2014-9038 1031243  View
183622 35859 CVE-2014-9038 https://core.trac.wordpress.org/changeset/30444  View
183623 35859 CVE-2014-9038 https://wordpress.org/news/2014/11/wordpress-4-0-1/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16785 JVNDB-2014-005660 WordPress の wp-includes/http.php におけるサーバサイドのリクエストフォージェリの脆弱性 WordPress の wp-includes/http.php には、サーバサイドのリクエストフォージェリの脆弱性が存在します。 CVE-2014-9038 76331 CVE-2014-9038 35859 6.4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005660.html 2014-11-20 2015-05-25 View