CVE-2014-3781

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
dotcleardotclear
𝑥
≤ 2.6.2
dotcleardotclear
2.6
dotcleardotclear
2.6:rc
dotcleardotclear
2.6.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dotclear
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
precise
ignored
lucid
dne
Common Weakness Enumeration
References
http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
http://karmainsecurity.com/KIS-2014-05
http://packetstormsecurity.com/files/126766/Dotclear-2.6.2-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2014/May/107
http://secunia.com/advisories/58675
http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
http://karmainsecurity.com/KIS-2014-05
http://packetstormsecurity.com/files/126766/Dotclear-2.6.2-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2014/May/107
http://secunia.com/advisories/58675