CVE-2012-0937
First published: Mon Jan 30 2012(Updated: )
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress | <=3.3.1 | |
| WordPress | =0.7 | |
| WordPress | =0.71 | |
| WordPress | =0.72 | |
| WordPress | =0.711 | |
| WordPress | =1.0 | |
| WordPress | =1.0.1 | |
| WordPress | =1.0.2 | |
| WordPress | =1.2 | |
| WordPress | =1.2.1 | |
| WordPress | =1.2.2 | |
| WordPress | =1.5 | |
| WordPress | =1.5.1 | |
| WordPress | =1.5.1.2 | |
| WordPress | =1.5.1.3 | |
| WordPress | =1.5.2 | |
| WordPress | =2.0 | |
| WordPress | =2.0.1 | |
| WordPress | =2.0.2 | |
| WordPress | =2.0.3 | |
| WordPress | =2.0.4 | |
| WordPress | =2.0.5 | |
| WordPress | =2.0.6 | |
| WordPress | =2.0.7 | |
| WordPress | =2.0.8 | |
| WordPress | =2.0.9 | |
| WordPress | =2.0.10 | |
| WordPress | =2.0.11 | |
| WordPress | =2.1 | |
| WordPress | =2.1.1 | |
| WordPress | =2.1.2 | |
| WordPress | =2.1.3 | |
| WordPress | =2.2 | |
| WordPress | =2.2.1 | |
| WordPress | =2.2.2 | |
| WordPress | =2.2.3 | |
| WordPress | =2.3 | |
| WordPress | =2.3.1 | |
| WordPress | =2.3.2 | |
| WordPress | =2.3.3 | |
| WordPress | =2.5 | |
| WordPress | =2.5.1 | |
| WordPress | =2.6 | |
| WordPress | =2.6.1 | |
| WordPress | =2.6.2 | |
| WordPress | =2.6.3 | |
| WordPress | =2.6.5 | |
| WordPress | =2.7 | |
| WordPress | =2.7.1 | |
| WordPress | =2.8 | |
| WordPress | =2.8.1 | |
| WordPress | =2.8.2 | |
| WordPress | =2.8.3 | |
| WordPress | =2.8.4 | |
| WordPress | =2.8.5 | |
| WordPress | =2.8.6 | |
| WordPress | =2.9 | |
| WordPress | =2.9.1 | |
| WordPress | =2.9.2 | |
| WordPress | =3.0 | |
| WordPress | =3.0.1 | |
| WordPress | =3.0.2 | |
| WordPress | =3.0.3 | |
| WordPress | =3.0.4 | |
| WordPress | =3.0.5 | |
| WordPress | =3.0.6 | |
| WordPress | =3.1 | |
| WordPress | =3.1.1 | |
| WordPress | =3.1.2 | |
| WordPress | =3.1.3 | |
| WordPress | =3.1.4 | |
| WordPress | =3.2.1 | |
| WordPress | =3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0937?
The severity of CVE-2012-0937 is considered to be high due to its potential exploitation for brute-force and denial-of-service attacks.
How do I fix CVE-2012-0937?
To fix CVE-2012-0937, upgrade your WordPress installation to version 3.3.2 or later, where the vulnerability is patched.
Which versions of WordPress are affected by CVE-2012-0937?
CVE-2012-0937 affects WordPress versions 3.3.1 and earlier, as well as several legacy versions.
What type of attacks can exploit CVE-2012-0937?
CVE-2012-0937 can be exploited for brute-force attacks and denial-of-service attacks by allowing excessive MySQL queries.
Is there any workaround for CVE-2012-0937 before I can update?
While it is recommended to update, you may limit direct access to wp-admin/setup-config.php or restrict MySQL connections as a temporary measure.
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/status
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/wordpress
- canonical/wordpress
- version/wordpress/3.3.1
- version/wordpress/0.7
- version/wordpress/0.71
- version/wordpress/0.72
- version/wordpress/0.711
- version/wordpress/1.0
- version/wordpress/1.0.1
- version/wordpress/1.0.2
- version/wordpress/1.2
- version/wordpress/1.2.1
- version/wordpress/1.2.2
- version/wordpress/1.5
- version/wordpress/1.5.1
- version/wordpress/1.5.1.2
- version/wordpress/1.5.1.3
- version/wordpress/1.5.2
- version/wordpress/2.0
- version/wordpress/2.0.1
- version/wordpress/2.0.2
- version/wordpress/2.0.3
- version/wordpress/2.0.4
- version/wordpress/2.0.5
- version/wordpress/2.0.6
- version/wordpress/2.0.7
- version/wordpress/2.0.8
- version/wordpress/2.0.9
- version/wordpress/2.0.10
- version/wordpress/2.0.11
- version/wordpress/2.1
- version/wordpress/2.1.1
- version/wordpress/2.1.2
- version/wordpress/2.1.3
- version/wordpress/2.2
- version/wordpress/2.2.1
- version/wordpress/2.2.2
- version/wordpress/2.2.3
- version/wordpress/2.3
- version/wordpress/2.3.1
- version/wordpress/2.3.2
- version/wordpress/2.3.3
- version/wordpress/2.5
- version/wordpress/2.5.1
- version/wordpress/2.6
- version/wordpress/2.6.1
- version/wordpress/2.6.2
- version/wordpress/2.6.3
- version/wordpress/2.6.5
- version/wordpress/2.7
- version/wordpress/2.7.1
- version/wordpress/2.8
- version/wordpress/2.8.1
- version/wordpress/2.8.2
- version/wordpress/2.8.3
- version/wordpress/2.8.4
- version/wordpress/2.8.5
- version/wordpress/2.8.6
- version/wordpress/2.9
- version/wordpress/2.9.1
- version/wordpress/2.9.2
- version/wordpress/3.0
- version/wordpress/3.0.1
- version/wordpress/3.0.2
- version/wordpress/3.0.3
- version/wordpress/3.0.4
- version/wordpress/3.0.5
- version/wordpress/3.0.6
- version/wordpress/3.1
- version/wordpress/3.1.1
- version/wordpress/3.1.2
- version/wordpress/3.1.3
- version/wordpress/3.1.4
- version/wordpress/3.2.1
- version/wordpress/3.3
- status/disputed