CVE-2014-5266
23Vexday Risk Score
Corrija em breve. Ela tem exploit funcional público.
ssvc Attendepss 24%
da publicação à arma0 dias
Publicada no NVD18 de ago.
metasploit6 de ago.
probabilidade de exploração
24%top 2% das CVEs
exploração observada
nãonenhuma fonte reporta
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Produtos afetados
n/a · n/aReferências
http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830https://core.trac.wordpress.org/changeset/29404https://wordpress.org/news/2014/08/wordpress-3-9-2/https://www.drupal.org/SA-CORE-2014-004http://www.debian.org/security/2014/dsa-2999http://www.debian.org/security/2014/dsa-3001