Lucene search

[email protected]CVE-2014-5266

HistoryAug 18, 2014 - 11:15 a.m.

CVE-2014-5266

2014-08-1811:15:27

CWE-399

[email protected]

web.nvd.nist.gov

110

cwe-400

xml-rpc

denial of service

wordpress

drupal

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

High

0.929 High

EPSS

Percentile

99.0%

JSON

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

Affected configurations

NVD

Node

wordpresswordpressRange≤3.9.1

wordpresswordpressMatch3.0

wordpresswordpressMatch3.0.1

wordpresswordpressMatch3.0.2

wordpresswordpressMatch3.0.3

wordpresswordpressMatch3.0.4

wordpresswordpressMatch3.0.5

wordpresswordpressMatch3.0.6

wordpresswordpressMatch3.1

wordpresswordpressMatch3.1.1

wordpresswordpressMatch3.1.2

wordpresswordpressMatch3.1.3

wordpresswordpressMatch3.1.4

wordpresswordpressMatch3.2

wordpresswordpressMatch3.2beta1

wordpresswordpressMatch3.2.1

wordpresswordpressMatch3.3

wordpresswordpressMatch3.3.1

wordpresswordpressMatch3.3.2

wordpresswordpressMatch3.3.3

wordpresswordpressMatch3.4.0

wordpresswordpressMatch3.4.1

wordpresswordpressMatch3.4.2

wordpresswordpressMatch3.5.0

wordpresswordpressMatch3.5.1

wordpresswordpressMatch3.6

wordpresswordpressMatch3.6.1

wordpresswordpressMatch3.7

wordpresswordpressMatch3.7.1

wordpresswordpressMatch3.8

wordpresswordpressMatch3.8.1

wordpresswordpressMatch3.9.0

Node

drupaldrupalMatch6.0

drupaldrupalMatch6.0beta1

drupaldrupalMatch6.0beta2

drupaldrupalMatch6.0beta3

drupaldrupalMatch6.0beta4

drupaldrupalMatch6.0dev

drupaldrupalMatch6.0rc1

drupaldrupalMatch6.0rc2

drupaldrupalMatch6.0rc3

drupaldrupalMatch6.0rc4

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

drupaldrupalMatch6.6

drupaldrupalMatch6.7

drupaldrupalMatch6.8

drupaldrupalMatch6.9

drupaldrupalMatch6.10

drupaldrupalMatch6.11

drupaldrupalMatch6.12

drupaldrupalMatch6.13

drupaldrupalMatch6.14

drupaldrupalMatch6.15

drupaldrupalMatch6.16

drupaldrupalMatch6.17

drupaldrupalMatch6.18

drupaldrupalMatch6.19

drupaldrupalMatch6.20

drupaldrupalMatch6.21

drupaldrupalMatch6.22

drupaldrupalMatch6.23

drupaldrupalMatch6.24

drupaldrupalMatch6.25

drupaldrupalMatch6.26

drupaldrupalMatch6.27

drupaldrupalMatch6.28

drupaldrupalMatch6.29

drupaldrupalMatch6.30

drupaldrupalMatch6.31

drupaldrupalMatch6.32

drupaldrupalMatch7.0

drupaldrupalMatch7.0alpha1

drupaldrupalMatch7.0alpha2

drupaldrupalMatch7.0alpha3

drupaldrupalMatch7.0alpha4

drupaldrupalMatch7.0alpha5

drupaldrupalMatch7.0alpha6

drupaldrupalMatch7.0alpha7

drupaldrupalMatch7.0beta1

drupaldrupalMatch7.0beta2

drupaldrupalMatch7.0beta3

drupaldrupalMatch7.0dev

drupaldrupalMatch7.0rc1

drupaldrupalMatch7.0rc2

drupaldrupalMatch7.0rc3

drupaldrupalMatch7.0rc4

drupaldrupalMatch7.1

drupaldrupalMatch7.2

drupaldrupalMatch7.3

drupaldrupalMatch7.4

drupaldrupalMatch7.5

drupaldrupalMatch7.6

drupaldrupalMatch7.7

drupaldrupalMatch7.8

drupaldrupalMatch7.9

drupaldrupalMatch7.10

drupaldrupalMatch7.11

drupaldrupalMatch7.12

drupaldrupalMatch7.13

drupaldrupalMatch7.14

drupaldrupalMatch7.15

drupaldrupalMatch7.16

drupaldrupalMatch7.17

drupaldrupalMatch7.18

drupaldrupalMatch7.19

drupaldrupalMatch7.20

drupaldrupalMatch7.21

drupaldrupalMatch7.22

drupaldrupalMatch7.23

drupaldrupalMatch7.24

drupaldrupalMatch7.25

drupaldrupalMatch7.26

drupaldrupalMatch7.27

drupaldrupalMatch7.28

drupaldrupalMatch7.29

drupaldrupalMatch7.30

drupaldrupalMatch7.x-dev

Node

debiandebian_linuxMatch7.0

CPENameOperatorVersion
wordpress:wordpresswordpressle3.9.1
wordpress:wordpresswordpresseq3.0
wordpress:wordpresswordpresseq3.0.1
wordpress:wordpresswordpresseq3.0.2
wordpress:wordpresswordpresseq3.0.3
wordpress:wordpresswordpresseq3.0.4
wordpress:wordpresswordpresseq3.0.5
wordpress:wordpresswordpresseq3.0.6
wordpress:wordpresswordpresseq3.1
wordpress:wordpresswordpresseq3.1.1

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	3.9.1
wordpress:wordpress	wordpress	eq	3.0
wordpress:wordpress	wordpress	eq	3.0.1
wordpress:wordpress	wordpress	eq	3.0.2
wordpress:wordpress	wordpress	eq	3.0.3
wordpress:wordpress	wordpress	eq	3.0.4
wordpress:wordpress	wordpress	eq	3.0.5
wordpress:wordpress	wordpress	eq	3.0.6
wordpress:wordpress	wordpress	eq	3.1
wordpress:wordpress	wordpress	eq	3.1.1