CVE-2014-9037

Priority
Medium
Description
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x
before 4.0.1 might allow remote attackers to obtain access to an account
idle since 2008 by leveraging an improper PHP dynamic type comparison for
an MD5 hash.
References
Bugs
Package
Upstream:released (4.0.1+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.0.1+dfsg-1)
Ubuntu 17.10 (Artful Aardvark):not-affected (4.0.1+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.1+dfsg-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.0.1+dfsg-1)
More Information

Updated: 2018-06-26 04:04:49 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)