5
CVE-2014-5266
- EPSS 24.39%
- Veröffentlicht 18.08.2014 11:15:27
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core < 3.9.2 - Denial of Service via XML #2
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.4, 3.8.4, 3.9.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version7.0
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
[*, 3.7)
Version
3.7-3.7.3
Version
3.8-3.8.3
Version
3.9-3.9.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 24.39% | 0.976 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
http://www.debian.org/security/2014/dsa-3001
https://wordpress.org/news/2014/08/wordpress-3-9-2/
http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830
http://www.debian.org/security/2014/dsa-2999
https://core.trac.wordpress.org/changeset/29404
https://www.drupal.org/SA-CORE-2014-004
http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830
https://www.wordfence.com/threat-intel/vulnerabilities/id/b0382227-48eb-4a97-8f3c-5c8fc4bcc0b6