Executive Summary

Informations
Name CVE-2014-9039 First vendor Publication 2014-11-25
Vendor Cve Last vendor Modification 2016-06-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-254 Security Features

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28034
 
Oval ID: oval:org.mitre.oval:def:28034
Title: DSA-3085-1 -- wordpress security update
Description: Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at <a href="https://wordpress.org/news/2014/11/wordpress-4-0-1/">https://wordpress.org/news/2014/11/wordpress-4-0-1/</a>
Family: unix Class: patch
Reference(s): DSA-3085-1
CVE-2014-9031
CVE-2014-9033
CVE-2014-9034
CVE-2014-9035
CVE-2014-9036
CVE-2014-9037
CVE-2014-9038
CVE-2014-9039
 Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
 Product(s): wordpress
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 308
Os 2
Os 2

Nessus® Vulnerability Scanner

Date Description
2015-06-02 Name : The remote Debian host is missing a security update.
File : debian_DLA-236.nasl - Type : ACT_GATHER_INFO
2015-01-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5e1351788aeb11e4801f0022156e8794.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15560.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3085.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15507.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15526.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2014-233.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote web server contains a PHP application that is affected by multiple...
File : wordpress_4_0_1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://advisories.mageia.org/MGASA-2014-0493.html
http://core.trac.wordpress.org/changeset/30431
https://wordpress.org/news/2014/11/wordpress-4-0-1/
DEBIAN http://www.debian.org/security/2014/dsa-3085
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
MLIST http://openwall.com/lists/oss-security/2014/11/25/12
SECTRACK http://www.securitytracker.com/id/1031243

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
Date Informations
2024-02-02 01:29:31
  • Multiple Updates
2024-02-01 12:08:41
  • Multiple Updates
2023-09-05 12:27:58
  • Multiple Updates
2023-09-05 01:08:33
  • Multiple Updates
2023-09-02 12:27:59
  • Multiple Updates
2023-09-02 01:08:41
  • Multiple Updates
2023-08-12 12:30:29
  • Multiple Updates
2023-08-12 01:08:10
  • Multiple Updates
2023-08-11 12:26:06
  • Multiple Updates
2023-08-11 01:08:23
  • Multiple Updates
2023-08-06 12:25:21
  • Multiple Updates
2023-08-06 01:08:09
  • Multiple Updates
2023-08-04 12:25:25
  • Multiple Updates
2023-08-04 01:08:13
  • Multiple Updates
2023-07-14 12:25:24
  • Multiple Updates
2023-07-14 01:08:11
  • Multiple Updates
2023-03-29 01:27:11
  • Multiple Updates
2023-03-28 12:08:32
  • Multiple Updates
2022-10-11 12:22:55
  • Multiple Updates
2022-10-11 01:08:20
  • Multiple Updates
2021-05-04 12:35:11
  • Multiple Updates
2021-04-22 01:42:42
  • Multiple Updates
2020-05-23 01:53:47
  • Multiple Updates
2020-05-23 00:42:53
  • Multiple Updates
2019-06-11 12:06:30
  • Multiple Updates
2019-02-28 12:06:03
  • Multiple Updates
2017-11-18 12:03:41
  • Multiple Updates
2017-09-29 12:05:06
  • Multiple Updates
2016-06-30 21:21:06
  • Multiple Updates
2016-04-27 01:29:43
  • Multiple Updates
2015-06-03 13:30:10
  • Multiple Updates
2015-04-30 09:27:28
  • Multiple Updates
2015-03-28 09:26:23
  • Multiple Updates
2015-01-06 15:30:33
  • Multiple Updates
2014-12-08 21:27:26
  • Multiple Updates
2014-12-08 13:26:27
  • Multiple Updates
2014-12-07 09:26:47
  • Multiple Updates
2014-12-05 13:27:07
  • Multiple Updates
2014-12-04 13:28:07
  • Multiple Updates
2014-12-03 21:27:37
  • Multiple Updates
2014-11-29 13:27:26
  • Multiple Updates
2014-11-27 00:26:14
  • Multiple Updates
2014-11-26 13:28:27
  • Multiple Updates
2014-11-26 05:30:18
  • First insertion