Vulnerability Description
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia Project | Mageia | 3 |
| Wordpress | Wordpress | <= 3.7.4 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2014-0493.html
- http://openwall.com/lists/oss-security/2014/11/25/12
- http://www.debian.org/security/2014/dsa-3085
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
- http://www.securitytracker.com/id/1031243
- https://wordpress.org/news/2014/11/wordpress-4-0-1/PatchVendor Advisory
- http://advisories.mageia.org/MGASA-2014-0493.html
- http://openwall.com/lists/oss-security/2014/11/25/12
- http://www.debian.org/security/2014/dsa-3085
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
- http://www.securitytracker.com/id/1031243
- https://wordpress.org/news/2014/11/wordpress-4-0-1/PatchVendor Advisory
FAQ
What is CVE-2014-9037?
CVE-2014-9037 is a vulnerability with a CVSS score of 6.8 (MEDIUM). WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic t...
How severe is CVE-2014-9037?
CVE-2014-9037 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9037?
Check the references section above for vendor advisories and patch information. Affected products include: Mageia Project Mageia, Wordpress Wordpress, Debian Debian Linux.