7.5
CVE-2018-6389
- EPSS 73.1%
- Veröffentlicht 06.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core < 5.0 - Denial of Service
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Mögliche Gegenmaßnahme
WordPress: Update to version 5.0, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 73.1% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
http://www.securityfocus.com/bid/103060
http://www.securitytracker.com/id/1040347
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
https://github.com/UltimateHackers/Shiva
https://github.com/WazeHell/CVE-2018-6389
https://thehackernews.com/2018/02/wordpress-dos-exploit.html
https://wpvulndb.com/vulnerabilities/9021
https://www.exploit-db.com/exploits/43968/
https://www.wordfence.com/threat-intel/vulnerabilities/id/1d5987cd-1304-487c-8d1c-cab0510fbb84