CVE-2009-3622

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.8.5

Description The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and server hang. This is achieved by sending a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, which is related to the mb convert encoding function in PHP.

Recommendations For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-trackback.php file to minimize the risk of exploitation. Avoid using the title parameter with long strings in conjunction with a charset parameter containing multiple "UTF-8" substrings until the issue is resolved.