CVE-2014-9037
First published: Tue Nov 25 2014(Updated: )
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mageia | =3 | |
| Mageia | =4 | |
| WordPress | <=3.7.4 | |
| WordPress | =3.8 | |
| WordPress | =3.8.1 | |
| WordPress | =3.8.2 | |
| WordPress | =3.8.3 | |
| WordPress | =3.8.4 | |
| WordPress | =3.9 | |
| WordPress | =3.9.1 | |
| WordPress | =3.9.2 | |
| WordPress | =4.0 | |
| Debian Linux | =7.0 | |
| Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0493.html
- http://openwall.com/lists/oss-security/2014/11/25/12
- http://www.debian.org/security/2014/dsa-3085
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
- http://www.securitytracker.com/id/1031243
- https://wordpress.org/news/2014/11/wordpress-4-0-1/
Frequently Asked Questions
What is the severity of CVE-2014-9037?
CVE-2014-9037 is classified as a moderate severity vulnerability due to its potential for unauthorized account access.
How do I fix CVE-2014-9037?
Fixing CVE-2014-9037 involves upgrading to WordPress versions 3.7.5, 3.8.5, 3.9.3, or 4.0.1 or later.
Which versions of WordPress are affected by CVE-2014-9037?
CVE-2014-9037 affects WordPress versions below 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1.
What can attackers do with CVE-2014-9037?
Attackers exploiting CVE-2014-9037 may gain access to accounts that have been idle since 2008.
Is Mageia 3 or 4 affected by CVE-2014-9037?
Yes, Mageia versions 3 and 4 are affected by CVE-2014-9037.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mageia project
- canonical/mageia
- version/mageia/3
- version/mageia/4
- vendor/wordpress
- canonical/wordpress
- version/wordpress/3.7.4
- version/wordpress/3.8
- version/wordpress/3.8.1
- version/wordpress/3.8.2
- version/wordpress/3.8.3
- version/wordpress/3.8.4
- version/wordpress/3.9
- version/wordpress/3.9.1
- version/wordpress/3.9.2
- version/wordpress/4.0
- vendor/debian
- canonical/debian linux
- version/debian linux/7.0
- version/debian linux/8.0