
CVE-2012-5868

Published: 27/12/2012 Updated: 08/01/2013
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote malicious users to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

Vulnerable Product

wordpress wordpress 3.4.2

Vendor Advisories

Debian Bug report logs - #696868 wordpress: CVE-2012-5868: wp-login.php session termination failure
Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress
Reported by: Henri Salo <henri@nerv.fi>
Date: Fri, 28 Dec 2012 14:45:01 UTC ...