Description

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.

Remediation

References

CVE-2017-12849

Related Vulnerabilities

WordPress Plugin VikBooking Hotel Booking Engine & PMS Cross-Site Scripting (1.5.8)

WordPress Plugin YOP Poll Cross-Site Scripting (6.2.7)

PHP Improper Input Validation Vulnerability (CVE-2007-3799)

MySQL CVE-2019-2798 Vulnerability (CVE-2019-2798)

WordPress Plugin WP REST API (WP API) Cross-Site Scripting (1.2.2)

Severity

Medium

Classification

CVE-2017-12849 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities