What is CVE-2014-9037?

CVE-2014-9037 is a vulnerability in Mageia_project Mageia, classified under Cryptographic Issues. Published 2014-11-25.

Is CVE-2014-9037 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mageia_project Mageia

CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.026 (86.0th percentile) — read the EPSS interpretation.

Affected products

Mageia_project Mageia — versions 3, 4
Wordpress — versions 3.8, 3.8.1, 3.8.2
Debian Debian_linux — versions 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

Public proof-of-concept exploits

20142995/nuclei-templates

References

DSA-3085 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20141125 Re: WordPress 4.0.1 Security Release (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
1031243 (vdb-entry, x_refsource_SECTRACK)
MDVSA-2014:233 (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2014-9037?: CVE-2014-9037 is a vulnerability in Mageia_project Mageia, classified under Cryptographic Issues. Published 2014-11-25.
Is CVE-2014-9037 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.