CVE-2006-4028 - OpenCVE

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

OR	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=142142
http://secunia.com/advisories/21309	Patch Vendor Advisory
http://secunia.com/advisories/21447	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-19.xml
http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/
http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/
http://wordpress.org/development/2006/07/wordpress-204/	Patch
http://www.osvdb.org/27633
http://www.securityfocus.com/bid/19247	Patch
http://www.vupen.com/english/advisories/2006/3071	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-09T20:00:00

Updated: 2006-08-18T09:00:00

Reserved: 2006-08-09T00:00:00

Link: CVE-2006-4028

JSON object: View

NVD Information

Status : Analyzed

Published: 2006-08-09T20:04:00.000

Modified: 2011-09-01T04:00:00.000

Link: CVE-2006-4028

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-08-18T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-3071", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3071"}, {"name": "21447", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21447"}, {"name": "19247", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19247"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"name": "21309", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21309"}, {"tags": ["x_refsource_MISC"], "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"name": "GLSA-200608-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"tags": ["x_refsource_MISC"], "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"name": "27633", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27633"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4028", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-3071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3071"}, {"name": "21447", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21447"}, {"name": "19247", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19247"}, {"name": "http://wordpress.org/development/2006/07/wordpress-204/", "refsource": "CONFIRM", "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"name": "21309", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21309"}, {"name": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/", "refsource": "MISC", "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"name": "GLSA-200608-19", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=142142", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"name": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/", "refsource": "MISC", "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"name": "27633", "refsource": "OSVDB", "url": "http://www.osvdb.org/27633"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4028", "datePublished": "2006-08-09T20:00:00", "dateReserved": "2006-08-09T00:00:00", "dateUpdated": "2006-08-18T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDCFE9AA-39E9-4366-AAB7-F7A891BC797E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAF4671A-8449-438E-922B-94E5542137BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "92F05A1F-2227-4166-807B-1BDE2EA8F245", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73E23-7CD0-429C-986B-5F721F1696BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en WordPress anteriores a 2.0.4 tienen impacto y vectores de ataque desconocidos. NOTA: debido a la falta de detalles, no est\u00e1 claro por qu\u00e9 estos problemas son diferentes de CVE-2006-3389 y CVE-2006-3390, aunque es probable que la versi\u00f3n 2.04 solucione un problema no especificado relacionado con la funcionalidad \"cualquiera puede registrarse\" (registro de usuario para invitados)."}], "id": "CVE-2006-4028", "lastModified": "2011-09-01T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-09T20:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21309"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21447"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"source": "cve@mitre.org", "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"source": "cve@mitre.org", "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27633"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19247"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3071"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}