7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.39 Low
EPSS
Percentile
96.7%
##Description##
There is possibility in /wp-admin/load-scripts.php script to generate large (~3Mb) amount of data via simple non-authenticated request to server.
The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389
##Details##
Detailed attack scenario is described for example here: https://baraktawily.blogspot.ru/2018/02/how-to-dos-29-of-world-wide-websites.html
I have an Apache JMeter script which is able to simulate necessary loading for your site (can be provided to you if necessary).
(it cab be longer, this is just an example)
As no rate-limiting is setup for this URL - then DoS comes real.
##Variants to fix issue##
change default “admin” directory name (Security through obscurity)
or apply some password protection to /wp-admin/ url
or apply some rate-limiting (but DDoS is still possible)
Thank you!
Unfortunatelly, no fix from WordPress side is provided for this issue.
DoS of the site and application server
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.39 Low
EPSS
Percentile
96.7%