Merge pull request #9094 from projectdiscovery/wp-user-enum

Update and rename CVE-2017-5487.yaml to wp-user-enum.yaml
patch-1
pussycat0x 2024-02-05 16:27:07 +05:30 committed by GitHub
commit c1ce561eb0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 19 deletions

View File

@ -1,28 +1,19 @@
id: CVE-2017-5487 id: wp-user-enum
info: info:
name: WordPress Core <4.7.1 - Username Enumeration name: WordPress REST API User Enumeration
author: Manas_Harsh,daffainfo,geeknik,dr0pd34d author: Manas_Harsh,daffainfo,geeknik,dr0pd34d
severity: medium severity: low
description: WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request. description: |
The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
impact: | impact: |
An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering. An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering.
remediation: | remediation: |
Update WordPress to version 4.7.1 or later Install a WordPress plugin such as Stop User Enumeration. Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user names.
reference: reference:
- https://www.exploit-db.com/exploits/41497 - https://www.acunetix.com/vulnerabilities/web/wordpress-rest-api-user-enumeration/
- https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/ - https://wordpress.org/plugins/stop-user-enumeration/
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ - https://www.afteractive.com/wordpress-user-enumeration-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- http://www.openwall.com/lists/oss-security/2017/01/14/6
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2017-5487
cwe-id: CWE-200
epss-score: 0.97179
epss-percentile: 0.99776
cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
metadata: metadata:
verified: true verified: true
max-request: 2 max-request: 2
@ -65,4 +56,4 @@ http:
- '.[] | .slug' - '.[] | .slug'
- '.[].name' - '.[].name'
part: body part: body
# digest: 4a0a0047304502205e1134c2f58050dd5aebdef51803d8813f61ca8d8829dfe95707d4270381d580022100ebb5318b886379bac4eac7f14a4342442b7a8391fbf831e5f92753698951ba5e:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502205e1134c2f58050dd5aebdef51803d8813f61ca8d8829dfe95707d4270381d580022100ebb5318b886379bac4eac7f14a4342442b7a8391fbf831e5f92753698951ba5e:922c64590222798bb761d5b6d8e72950