7.5

CVE-2012-6078

Exploit

W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure

W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes.
Mögliche Gegenmaßnahme
W3 Total Cache: Update to version 0.9.2.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BoldgridW3 Total Cache Version < 0.9.2.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt W3 Total Cache
Version *-0.9.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.32% 0.812
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2012/12/30/3
Third Party Advisory
Mailing List
https://www.acunetix.com/vulnerabilities/web/wordpress-w3-total-cache-plugin-predictable-cache-filenames/
Third Party Advisory
https://www.w3-edge.com/weblog/2013/01/security-w3-total-cache-0-9-2-4/
Vendor Advisory
Release Notes
https://security-tracker.debian.org/tracker/CVE-2012-6078
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/836bac94-fd74-4ef9-a79b-4ea13de8f44f
Third Party Advisory