PT-2014-6379 · Incutio+2 · Incutio Xml-Rpc Library+2

Published

2014-08-18

Updated

2015-11-25

CVE-2014-5266

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Incutio XML-RPC (IXR) Library as used in WordPress versions prior to 3.9.2 Incutio XML-RPC (IXR) Library as used in Drupal versions prior to 6.33 Incutio XML-RPC (IXR) Library as used in Drupal versions prior to 7.31

Description The issue allows remote attackers to cause a denial of service due to CPU consumption by sending a large XML document. This is achieved by exploiting the lack of limitation on the number of elements in an XML document.

Recommendations For WordPress versions prior to 3.9.2, update to version 3.9.2 or later. For Drupal 6.x versions prior to 6.33, update to version 6.33 or later. For Drupal 7.x versions prior to 7.31, update to version 7.31 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2014-5266

DLA-56-1

DSA-2999-1

DSA-3001-1

Affected Products

Drupal

Incutio Xml-Rpc Library

Wordpress

PT-2014-6379 · Incutio+2 · Incutio Xml-Rpc Library+2

CVE-2014-5266

Weakness Enumeration

Related Identifiers

Affected Products

References · 17