[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247085

 
 

909

 
 

194218

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3622Date: (C)2009-10-23   (M)2023-12-22


Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1023072
http://seclists.org/fulldisclosure/2009/Oct/263
SECUNIA-37088
OSVDB-59077
ADV-2009-2986
http://marc.info/?l=oss-security&m=125612393329041&w=2
http://marc.info/?l=oss-security&m=125614592004825&w=2
http://codes.zerial.org/php/wp-trackbacks_dos.phps
http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/
http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/
https://bugzilla.redhat.com/show_bug.cgi?id=530056
wordpress-wptrackback-dos(53884)

CPE    1
cpe:/a:wordpress:wordpress
CWE    1
CWE-310

© SecPod Technologies