CVE-2018-6389
CVE-2018-6389
Vexday Risk Score
50Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
PoC popular en GitHub (130 estrellas) — código de explotación ampliamente disponible.
CVSS —EPSS 73.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
05 feb 2018PoC pública
06 feb 2018Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Productos afectados
n/a · n/aPoCs públicas encontradas — 24
githubgithub.com/s0md3v/Shiva★ 130githubgithub.com/safebuffer/CVE-2018-6389★ 82githubgithub.com/ItinerisLtd/trellis-cve-2018-6389★ 13githubgithub.com/knqyf263/CVE-2018-6389★ 10githubgithub.com/omidsec/CVE-2018-6389★ 6githubgithub.com/Zazzzles/Wordpress-DOS★ 4githubgithub.com/ianxtianxt/CVE-2018-6389★ 3githubgithub.com/JavierOlmedo/wordpress-cve-2018-6389★ 2githubgithub.com/dsfau/wordpress-CVE-2018-6389★ 2githubgithub.com/m3ssap0/wordpress_cve-2018-6389★ 2githubgithub.com/JulienGadanho/cve-2018-6389-php-patcher★ 1githubgithub.com/vineetkia/Wordpress-DOS-Attack-CVE-2018-6389★ 1githubgithub.com/yolabingo/wordpress-fix-cve-2018-6389★ 1githubgithub.com/armaanpathan12345/WP-DOS-Exploit-CVE-2018-6389★ 1githubgithub.com/mudhappy/Wordpress-Hack-CVE-2018-6389★ 0githubgithub.com/rastating/modsecurity-cve-2018-6389★ 0githubgithub.com/fakedob/tvsz★ 0githubgithub.com/alessiogilardi/PoC---CVE-2018-6389★ 0githubgithub.com/BlackRouter/cve-2018-6389★ 0githubgithub.com/thechrono13/PoC---CVE-2018-6389★ 0githubgithub.com/amit-pathak009/CVE-2018-6389-FIX★ 0githubgithub.com/Jetserver/CVE-2018-6389-FIX★ 0exploitdbwww.exploit-db.com/exploits/43968no verificadocve_referencewww.exploit-db.com/exploits/43968/no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.htmlhttps://github.com/UltimateHackers/Shivahttps://github.com/WazeHell/CVE-2018-6389https://thehackernews.com/2018/02/wordpress-dos-exploit.htmlhttps://wpvulndb.com/vulnerabilities/9021https://www.exploit-db.com/exploits/43968/http://www.securityfocus.com/bid/103060http://www.securitytracker.com/id/1040347