CVE-2014-5266
23Vexday Risk Score
Corrige pronto. Ella tiene exploit funcional público.
ssvc Attendepss 24%
de la publicación al arma0 días
Publicada en NVD18 ago
metasploit6 ago
probabilidad de explotación
24%top 2% de las CVE
explotación observada
noninguna fuente lo reporta
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Productos afectados
n/a · n/aReferencias
http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830https://core.trac.wordpress.org/changeset/29404https://wordpress.org/news/2014/08/wordpress-3-9-2/https://www.drupal.org/SA-CORE-2014-004http://www.debian.org/security/2014/dsa-2999http://www.debian.org/security/2014/dsa-3001