5
CVE-2011-4957
- EPSS 3.16%
- Veröffentlicht 27.06.2012 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:35:43
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
WordPress Core < 3.1.1 - Denial of Service
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.1.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
[*, 3.1.1)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.16% | 0.863 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/49138
http://www.debian.org/security/2012/dsa-2470
http://secunia.com/advisories/44038
http://wordpress.org/news/2011/04/wordpress-3-1-1/
http://www.openwall.com/lists/oss-security/2012/04/19/17
http://www.openwall.com/lists/oss-security/2012/04/19/6
http://core.trac.wordpress.org/ticket/16892
https://www.wordfence.com/threat-intel/vulnerabilities/id/cefb979e-2b5b-4820-a350-ee106131f0f9