CVE-2014-9037
Published: 25 November 2014
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(4.0.1+dfsg-1)
|
bionic |
Not vulnerable
(4.0.1+dfsg-1)
|
|
cosmic |
Not vulnerable
(4.0.1+dfsg-1)
|
|
disco |
Not vulnerable
(4.0.1+dfsg-1)
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(4.0.1+dfsg-1)
|
|
utopic |
Ignored
(end of life)
|
|
wily |
Not vulnerable
(4.0.1+dfsg-1)
|
|
xenial |
Not vulnerable
(4.0.1+dfsg-1)
|
|
yakkety |
Not vulnerable
(4.0.1+dfsg-1)
|
|
zesty |
Not vulnerable
(4.0.1+dfsg-1)
|
|
vivid |
Not vulnerable
(4.0.1+dfsg-1)
|