Merge pull request #9094 from projectdiscovery/wp-user-enum

Update and rename CVE-2017-5487.yaml to wp-user-enum.yaml
patch-1
pussycat0x 2024-02-05 16:27:07 +05:30 committed by GitHub
commit c1ce561eb0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 19 deletions

View File

@ -1,28 +1,19 @@
id: CVE-2017-5487
id: wp-user-enum
info:
name: WordPress Core <4.7.1 - Username Enumeration
name: WordPress REST API User Enumeration
author: Manas_Harsh,daffainfo,geeknik,dr0pd34d
severity: medium
description: WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request.
severity: low
description: |
The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
impact: |
An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering.
remediation: |
Update WordPress to version 4.7.1 or later
Install a WordPress plugin such as Stop User Enumeration. Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user names.
reference:
- https://www.exploit-db.com/exploits/41497
- https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- http://www.openwall.com/lists/oss-security/2017/01/14/6
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2017-5487
cwe-id: CWE-200
epss-score: 0.97179
epss-percentile: 0.99776
cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
- https://www.acunetix.com/vulnerabilities/web/wordpress-rest-api-user-enumeration/
- https://wordpress.org/plugins/stop-user-enumeration/
- https://www.afteractive.com/wordpress-user-enumeration-vulnerability/
metadata:
verified: true
max-request: 2
@ -65,4 +56,4 @@ http:
- '.[] | .slug'
- '.[].name'
part: body
# digest: 4a0a0047304502205e1134c2f58050dd5aebdef51803d8813f61ca8d8829dfe95707d4270381d580022100ebb5318b886379bac4eac7f14a4342442b7a8391fbf831e5f92753698951ba5e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502205e1134c2f58050dd5aebdef51803d8813f61ca8d8829dfe95707d4270381d580022100ebb5318b886379bac4eac7f14a4342442b7a8391fbf831e5f92753698951ba5e:922c64590222798bb761d5b6d8e72950