Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2014-0173
Last Modified: 22 Apr 2014 12:05:00
Published: 22 Apr 2014 09:06:27
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-0173

Summary

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Automattic Jetpack 1.9

  • Automattic Jetpack 1.9.1

  • Automattic Jetpack 1.9.2

  • Automattic Jetpack 2.0

  • Automattic Jetpack 2.0.1

  • Automattic Jetpack 2.0.2

  • Automattic Jetpack 2.0.3

  • Automattic Jetpack 2.0.4

  • Automattic Jetpack 2.1

  • Automattic Jetpack 2.1.1

  • Automattic Jetpack 2.1.2

  • Automattic Jetpack 2.2

  • Automattic Jetpack 2.2.1

  • Automattic Jetpack 2.2.2

  • Automattic Jetpack 2.2.3

  • Automattic Jetpack 2.2.4

  • Automattic Jetpack 2.2.5

  • Automattic Jetpack 2.3

  • Automattic Jetpack 2.3.1

  • Automattic Jetpack 2.3.2

  • Automattic Jetpack 2.3.3

  • Automattic Jetpack 2.3.4

  • Automattic Jetpack 2.3.5

  • Automattic Jetpack 2.4

  • Automattic Jetpack 2.4.1

  • Automattic Jetpack 2.4.2

  • Automattic Jetpack 2.5

  • Automattic Jetpack 2.6

  • Automattic Jetpack 2.6.1

  • Automattic Jetpack 2.7

  • Automattic Jetpack 2.8

  • Automattic Jetpack 2.9

  • Automattic Jetpack 2.9.1

  • Automattic Jetpack 2.9.2

  • Automattic Jetpack 2.9.3


References

XF - jetpack-wordpress-cve20140173-sec-bypass(92560)

BID - 66789

SECUNIA - 57729

CONFIRM - http://jetpack.me/2014/04/10/jetpack-security-update/


Last Updated: 27 May 2016 11:05:02