ThreatPress

WordPress Vulnerabilities Database

WordPress <= 3.9.1 - Denial Of Service Attacks #2

Product
WordPress
Description
The Incutio XML-RPC (IXR) Library permits entity declarations without considering recursion during entity expansion. Attackers can therefore cause a denial of service with a crafted XML document containing a large number of nested entity references. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-3-9-1-denial-of-service-attacks
Solution
Update WordPress.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2014-5265
Versions
Affected In <= 3.9.1
Fixed In 3.9.2
Disclosure date
2014-08-15
Credits
Yuji Tounai