ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 3.9.1 - Denial Of Service Attacks #1

Product
WordPress
Description
The Incutio XML-RPC (IXR) Library, that is used in WordPress 3.9.1, does not limit the number of elements in an XML document. In that way the attackers can cause a denial of service attacks via a large document. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-3-9-1-denial-of-service-attacks-2
Solution
Update WordPress.
Classification
Type Denial of Service Attacks
References
CVE Mitre
CVE
Name CVE-2014-5266
Versions
Affected In <= 3.9.1
Fixed In 3.9.2
Disclosure date
2014-08-15
Credits
Drupal security team